NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER



Similar documents
white SECURITY TESTING WHITE PAPER

NETWORK PENETRATION TESTING

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

Penetration Testing with Kali Linux

An Introduction to Network Vulnerability Testing

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

AN OVERVIEW OF VULNERABILITY SCANNERS

Security Testing Summary of Next-Generation Enterprise VoIP Solution: Unify Inc. OpenScape SBC V8

Penetration Testing Report Client: Business Solutions June 15 th 2015

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

Vulnerability Assessment and Penetration Testing

WHITE PAPER. An Introduction to Network- Vulnerability Testing

CRYPTUS DIPLOMA IN IT SECURITY

WHITEPAPER. Nessus Exploit Integration

National Endowment for the Arts Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement Exit Conference...

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST

Client logo placeholder XXX REPORT. Page 1 of 37

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

1. Building Testing Environment

Penetration Testing Workshop

Reference Architecture: Enterprise Security For The Cloud

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. abechtsoudis (at) ieee.

CYBERTRON NETWORK SOLUTIONS

!!!!!!!!!!!!!!!!!!!!!!

Lab 7 - Exploitation 1. NCS 430 Penetration Testing Lab 7 Sunday, March 29, 2015 John Salamy

Security-as-a-Service (Sec-aaS) Framework. Service Introduction

Metasploit The Elixir of Network Security

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

Tenable for CyberArk

(WAPT) Web Application Penetration Testing

Network Test Labs (NTL) Software Testing Services for igaming

EXTRA. Vulnerability scanners are indispensable both VULNERABILITY SCANNER

EC-Council Certified Security Analyst (ECSA)

Attack and Penetration Testing 101

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

McAfee SECURE Technical White Paper

Network Security Audit. Vulnerability Assessment (VA)

Security Testing for Web Applications and Network Resources. (Banking).

Black Box Penetration Testing For GPEN.KM V1.0 Month dd "#$!%&'(#)*)&'+!,!-./0!.-12!1.03!0045!.567!5895!.467!:;83!-/;0!383;!

Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

Certified Ethical Hacker (CEH)

HTExploit: Bypassing htaccess Restrictions

Cyber Essentials. Test Specification

INFORMATION SECURITY TRAINING CATALOG (2015)

Reducing Application Vulnerabilities by Security Engineering

Security and Vulnerability Testing How critical it is?

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

SECURITY TRENDS & VULNERABILITIES REVIEW 2015

Attack Frameworks and Tools

Introduction to Laboratory Assignment 3 Vulnerability scanning with OpenVAS

WEB APPLICATION HACKING. Part 2: Tools of the Trade (and how to use them)

IDS and Penetration Testing Lab II

The Open Cyber Challenge Platform *

Cybernetic Proving Ground

Andreas Dittrich, Philipp Reinecke Testing of Network and System Security. example.

Using Nessus In Web Application Vulnerability Assessments

Spigit, Inc. Web Application Vulnerability Assessment/Penetration Test. Prepared By: Accuvant LABS

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Vinny Hoxha Vinny Hoxha 12/08/2009

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

EC-Council Certified Security Analyst / License Penetration Tester (ECSA/LPT) v4.0 Bootcamp

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Vulnerability Scanning & Management


Security Considerations White Paper for Cisco Smart Storage 1

Web Application Security

CONTENTS. PCI DSS Compliance Guide

INTRODUCTION: PENETRATION TEST A BUSINESS PERSPECTIVE:

Penetration Testing. Presented by

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

External Penetration Assessment and Database Access Review

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION

Virtual Learning Tools in Cyber Security Education

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

Seven Practical Steps to Delivering More Secure Software. January 2011

Audience. Pre-Requisites

Part Banker. Part Geek. All Security & Compliance.

Adobe ColdFusion. Secure Profile Web Application Penetration Test. July 31, Neohapsis 217 North Jefferson Street, Suite 200 Chicago, IL 60661

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

Vulnerability Management

Introduction to Nessus by Harry Anderson last updated October 28, 2003

The Nexpose Expert System

Deciphering The Prominent Security Tools Ofkali Linux

Threat landscape how are you getting attacked and what can you do better protect yourself and your e-commerce platform

Information Security. Training

Security from the Cloud

CIT 480: Securing Computer Systems. Vulnerability Scanning and Exploitation Frameworks

Commissioners Irving A. Williamson, Chairman Daniel R. Pearson Shara L. Aranoff Dean A. Pinkert David S. Johanson Meredith M.

defense through discovery

Hosts HARDENING WINDOWS NETWORKS TRAINING

The Queen s Horses, London, May Application Security From Jerry Scott

Sample Report. Security Test Plan. Prepared by Security Innovation

locuz.com Professional Services Security Audit Services

PENETRATION TESTING GUIDE. 1

White Paper. McAfee Web Security Service Technical White Paper

Transcription:

A C a s e s t u d y o n h o w Z e n Q h a s h e l p e d a L e a d i n g K - 1 2 E d u c a t i o n & L e a r n i n g S o l u t i o n s P r o v i d e r i n U S g a u g e c a p a c i t y o f t h e i r f l a g s h i p p r o d u c t, i d e n t i f y & a n a l y z e p e r f o r m a n c e b o t t l e n e c k s a n d i m p r o v e e f f i c i e n c y o f t h e a p p l i c a t i o n b y 1 0 t i m e s. z e n q. c o m NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER CASE STUDY: PERFORMANCE TESTING ABSTRACT: A Case study on how ZENQ performed Network Penetration Testing for a Medical Record & Practice management Software Solution Corporation to uncover vulnerabilities and security loopholes which would otherwise have cause huge loss and impact to the business. Client: A leading EHR Management solution provider Industry: Healthcare Offering: Security Testing

. Client Client has expertise in web based online health care solutions based in USA. It provides cloud based EHR (Electronic Health Record) and medical practice management solution to its customers. Challenge Our client provides cloud based solutions to medical record management and practice management. The challenge was to assess the vulnerability and penetrate into the network of client. The client has 30 external facing nodes which are of different operating systems and application servers. Vulnerability assessment of the all the platforms and identification of false positives and exploitation was major challenge. Our Approach Our security testing experts, here at ZenQA,. Our security testing experts, here at ZENQ, followed a structured approach based on industry wide standards, best practices and methodologies to effectively conduct External Network Penetration Testing To begin with, Security team interacted with the client to gain a thorough understanding of target systems/network architecture and technology behind the system Threat profiles (based on Microsoft Threat modeling process) are then created. These threat profiles list out all the threats that can pose risk to the clients Network, along with the goals of the adversary in attacking the Network.

Detailed Test plan including the Test strategy & Test cases by associating threats attack scenarios on functionalities was created. Test plan was reviewed and agreed upon with the client. Upon approval of the test plan, the Network was decomposed towards the threat, and vulnerabilities were identified using combination of manual tool based techniques to ensure optimal results. Threat scenarios were constructed to exploit the identified vulnerabilities manually to give better understandability of hack to the client. Two detailed reports- Executive review report provided the bigger picture of overall security, issues and their impact at each risk level & the Technical review report provided the test details, scan results, the each vulnerability discovered and the suggestions for remediation, were submitted to the client. Technical in-depth details of the each vulnerability discovered and the Environment Network Range: X.X.X.X/27 Security Test Tools: Nmap, Metasploit, Snmpcheck, Hydra, Netcat, Nessus Upon completion of the test execution/ exploitations. Root cause analysis and recommendations on how vulnerabilities can be addressed /resolved were determined.

Results Successfully uncovered vulnerabilities that would have caused huge loss and impact to business. Following are the major vulnerabilities that were identified and confirmed: Web server was vulnerable to DOS attack Blind SQL injection was detected on application hosted on web server. Able to dump the database information SSH was brute forced because of weak password Exploited PHP remote code execution vulnerability and got access to server Incorrectly configured SSL certificates Outcome ZenQ team successfully performed Penetration Testing on client s network. In the end, client received the detailed list of defects found, recommendations on how to enhance the security stature were also provided. Our seamless communication & client interactions, constant updates and continuous efforts has helped the client to uncover some critical vulnerabilities..

About ZenQ ZenQ is a global provider of high quality Software Development & Testing Services, offering cost effective valueadd outsourcing solutions to our clients. Our highly competent IT Professionals, Domain experts, combined with industry best practices & our investments in state-of-the-art technologies makes us a dependable and longterm IT service partner to all our clients is an For more information, email us at : sales@zenq.com OR Visit us at www.zenq.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information