Vulnerability assessment is the process of identifying and classifying security holes (vulnerabilities) in a computer, network, or communications infrastructure. In addition, vulnerability analysis can forecast the effectiveness of proposed countermeasures and evaluate their actual effectiveness after they are put into use. Assessments are usually conducted mainly with automated tools. Unlike a penetration test, a vulnerability assessment does not try to exploit the identified vulnerabilities to prove that they are real or to demonstrate their impact on the business.
Web application penetration test
Web application penetration testing can use a combination of automated and manual methods to exploit discovered vulnerabilities, security flaws and threats in web applications. In other words, the testing simulates the activities of a malicious hacker by reproducing the methods and tools the hacker would use. Security vulnerabilities can be discovered in front-end and back-end systems, databases, programming code, authentication mechanisms and more. The test then prioritizes the discovered vulnerabilities and, finally, presents options for remediating them. In addition, the web application penetration test examines all communication channels and APIs.
In cases when a mobile application is also present, a mobile application penetration test might also be required.
Mobile application penetration test
A mobile application penetration test, like the web application penetration test, simulates the activities of a malicious hacker trying to cause damage to an organization. In other words, the purpose of the security test is to identify and verify the discovered issues. A mobile application penetration test uses a different approach. In comparison, the traditional application test considers the primary threat to originate from the Internet. A mobile application penetration test therefore focuses more on client-side, hardware, file system and network security testing. In comparison with other applications, a mobile application allows the end user to control the application.
Network penetration test
A network penetration test aims to identify and exploit vulnerabilities in network devices, hosts and other systems. The test simulates the activities of a malicious hacker. In other words, the purpose of the test is to reveal vulnerabilities that would allow an unauthorized user to steal sensitive data or to take over corporate systems for malicious purposes.
During the test, SoCyber tests the security of routers, switches, firewalls, IPS/IDS devices, VPNs, servers, anti-virus systems and more.
In addition, the network penetration tests that SoCyber provides reveal vulnerabilities from both a hacker's and a network security professional's perspective.
When important web and mobile applications are present, a web application penetration test and a mobile application penetration test could also be useful for the company.
Social engineering test
Social engineering testing relies on exploiting factors in human nature, typically by attempting scams on a company's employees. In addition, when security policies and practices are implemented by management, social engineering tests the adherence of the employees to those policies. The company would therefore also be able to check the consequences of the activities of a disgruntled employee willing to steal corporate information by exploiting critical systems. For instance, testers might send an email pretending to be someone from management, asking the employee to open an attachment, provide sensitive information or visit a malicious website. After that, a tester might call employees pretending to be from the IT staff, asking the employees to perform specific actions with their passwords. Companies often perform a social engineering test in combination with a security awareness training program.