DATASHEET

PENETRATION TESTING SERVICE

Protect Your Business. Get Your Service Quotations Today!

Sales Inquiries: sales@spentera.com
Visit us: http://www.spentera.com

Copyright 2011. PT. Spentera. All Rights Reserved.

Penetration Testing Service

Overview

Information Security Trends

Organizations are becoming increasingly reliant upon information technology in all aspects of the business enterprise. Many organizations, including government, military, businesses, educational institutions and industries, are counting on increased connectivity, availability of systems, and open environments for increased productivity, flexibility, and growth. However, computer systems are interdependent entities; this interdependence brings new security challenges, vulnerabilities, accidents, criminal behavior, and malicious activities.

The rapid expansion of the Information Technology sector has resulted in a corresponding increase in demand for information technology specialists in the national workforce, especially for specialists with technical skills in information/computer assurance and security. Many security tasks are not being adequately performed due to lack of personnel. The pervasive nature of the problem is evidenced by several recently reported security breaches.

Spentera Penetration Testing services, or ethical hacking, is an exercise that attempts to simulate the techniques adopted by an attacker to compromise your systems. It helps to highlight the vulnerabilities that could be exploited by a remote unauthorized attacker. Our penetration testing service is a highly creative, out-of-the-box engagement, and often results in new vulnerabilities being discovered or a new tool being developed from such an exercise.

Features

Spentera validates the control and implementation of existing security and risk measures by demonstrating, in a safe and controlled manner, previously unknown activities and attacks against networks, systems and applications as part of security testing. When testing is complete, you will receive detailed maps that prioritize the security weaknesses in your systems, networks and application environment.

Determines the weakest points of the system and network infrastructure from the external or internal view.
Reduces the security threat to information systems, networks, and the use of applications within the enterprise.
Uses a combination of hacking techniques, performed manually or with commercial tools, to produce accurate output.
Spentera prioritizes quality and maximum results for each finding.
We use the world's best-known methodologies, such as PTES and NIST SP800-42, to cover the entire penetration test process.
All penetration testing processes are conducted by our experienced people.
Spentera uses In-Depth Vulnerability Analysis techniques, which means closely analyzing all vulnerabilities discovered in the process of penetration testing.
We will deliver a comprehensive report including the executive summary, technical summary, and technical detail of each finding.
If requested, we will do a live demonstration of our findings.

PT. Spentera is a company registered in.

Benefits

Spentera penetration testing helps protect your organization against threats:

By conducting penetration tests, you can quickly fix existing vulnerabilities.
We produce accurate and high-quality examinations.
You will get a comprehensive report including a detailed explanation of each weakness.
Our service can be tailored to the client's needs.
We will protect your company's integrity and brands.
By conducting penetration testing, you are already one step ahead in preventing loss to your business.
A penetration test will raise information security awareness.
With the penetration testing results, you can produce the best information security strategies to protect the company's assets.
Helps to achieve and maintain compliance with federal and state regulations.

Technical Information

Spentera divides penetration testing into eight stages, and each stage has a hundred unique combinations of attack vectors (except adjusting scope).

Adjusting Scope

Adjusting scope is the process of determining the boundaries of what is included in the penetration test, such as network boundaries, IP addresses, servers and others, including the necessary procedures for them.

Information Gathering

In this process, Spentera experts will gather detailed information about the target network, usually by digging into public sources such as newsgroups, search engines, forums, or the WHOIS database. The purpose of this process is to map the information about the target, forming a clear picture of the design and structure of the target networks.

Target Identification

During this phase, Spentera's consultant will identify as many as possible of the systems linked with the target, such as mail servers, firewalls, web servers, IDS/IPS(s), etc. This phase is intended to find the paths commonly used by malicious users and intruders as a way into the system.

Target Enumeration

Once the information gathering and target identification stages are complete, target enumeration moves one step further to fully identify the network topology, operating systems with their patch levels, application versions, and open ports on the target system.

Vulnerability Mapping

This phase of the engagement mainly deals with profiling the target environment for known, private and unknown vulnerabilities. Technically, it is divided into two phases:

Vulnerability Identification

Based on the findings of the previous enumeration, the Spentera team will conduct further testing on the enumeration results. Testing is done by comparing the application / operating system version, the system configuration, or an incorrect system implementation against known vulnerabilities. If a vulnerability is not found in the list of known vulnerabilities, our team will conduct further experiments to ensure that there are no vulnerabilities in the application / system. Our team is equipped with scripts and adequate equipment to conduct in-depth security testing.

Vulnerability Analysis

Before real-world exploitation is carried out, the Spentera team will closely and carefully examine all vulnerabilities that could pose a hazard to the production system. If a discovered vulnerability is critical, we will immediately notify the client without waiting for the testing process to be completed, so that the client can take the necessary actions right away.

Exploitation

In the final stage of penetration testing, the client infrastructure will be assessed by examining the most severe security vulnerabilities and measuring the vulnerabilities marked as critical. Our team will try to gain access using a set of exploit scripts that are grouped according to the vulnerabilities discovered earlier, to ensure that every exploit script matches the target environment.

Post Exploitation

Once the target has been successfully exploited and acquired, the Spentera team can use this owned platform to launch further attacks into networks that are inaccessible from outside. Our team will repeat the process of target identification, enumeration, vulnerability mapping and exploitation again and again until it cannot compromise anything further.

Social Engineering

Humans are also part of the system, so the scope of security testing should involve the human factor. In security testing, the human factor is the weakest link, so it can be easily exploited. The Spentera team will use social engineering to obtain more information about the target, such as email, phone numbers, forums, and more.

[Figure: penetration testing cycle. Stages shown: Adjusting Scope, Information Gathering, Target Identification, Target Enumeration, Vulnerability Mapping, Exploitation, Post Exploitation, Final Report & Deliverable]

Compliance

Spentera's Penetration Testing service can meet the requirements of many standards and guidelines in relation to information security. Our Penetration Testing team has working knowledge of the following standards and attempts to exceed their requirements.

Bank Regulation No. 9/15/PBI/2007: Implementation of Risk Management in the Use of Information Technology by Commercial Banks

Bank Regulation Number 9/15/PBI/2007 states that all banks under the auspices of Bank shall perform risk management practices in their IT environment. The policy consists of several articles that determine how banks should monitor and manage IT risks related to building good governance in the banking sector. To fulfill the regulation policy, we provide the following services (as illustrated below):

Penetration Testing
Managed Vulnerability Service
Live Incident Response

Sales Inquiry

To find out more about the details of each service, including pricing, please contact sales@spentera.com; our agents will be happy to assist you.

Contact

To find out more detailed information about each service, including pricing, please contact sales@spentera.com; our agents will be happy to assist you.