Introduction to Services
A penetration test is a basic simulation for hacking attack. Our penetration test team tries to break through network or system defenses with minimal information, such as searching the issues of web page programs or operating systems, in order to obtain further permissions or access unauthorized data. With the result of penetration test, we’re able to understand the security blind spots in the system building or programming process. So that we’re able to prevent and correct it, this will heighten the security level of enterprise network and reduce the security risk.
Service is performed in three phases
- Preparation phase: Before conducting a penetration test, we need to confirm the approach, the goal and the timing of it. Relevant agreement must be signed to ensure that the test is conducted under mutual consensus.
- Implementation phase: Refer to OSSTMM (Open-Source Security Testing Methodology Manual) to create a framework. It is divided into three steps: data collection, information analysis, and target penetration. Also, vulnerability categories of SANS Top 20 and OWASP (Open Web Application Security Project) are used as main detection criteria, but different vulnerability penetrations may still be used as appropriate depending on situations. In the meantime, "application penetration test" and "system, network penetration test" are of different natures in execution, so that the "application" and the "system, network" are considered separately in the execution phase and are performed in different ways.
- Reduction of security vulnerabilities
- Enhancement of security protection
- Reduction of risk level
- Improvement of security level