Penetration Testing and Advanced Persistent Threat (APT)
Our APT testing can be conducted at both the infrastructure level and the application level. Tests include mapping the segment and identifying weak links in the infrastructure chain, misconfigurations and out-of-date systems that could allow an unauthenticated attacker to gain privileges inside the segment.
This test examines a wide array of components inside the network: those that are mostly untested and less security-oriented (printers, switches, storage systems, DVR systems) and common systems (web applications, mail, file systems and monitoring servers).
- Searches for open ports and known vulnerabilities within systems and protocols that have external references.
- Manual process for identifying additional vulnerabilities.
- Examination of remote access capabilities (VPN, Terminal, etc.).
- Identifying external access to exposed assets.
- Input validation in order to prevent SQL injection, cross-site scripting, local file inclusion and other, more common attacks.
- Identification details on the client side, bypass through change-password mechanisms, password retrieval and more.
- Permissions – examination of the permissions process through all application interfaces, for problems such as forced browsing, information disclosure, directory listing, and path traversal.