Client meeting
Before the test, we meet with all our clients to explain the necessity of this test and how it will benefit them. We also discuss our pen test perimeter.
Penetration testing, also called pen testing, is a cyberattack simulation launched on your computer system. The simulation helps discover points of exploitation and test IT breach security. Unlike a vulnerability assessment, ethical hacking at NSC does not just look for vulnerabilities. We aim to find security breaches in your network before true enemies attempt to exploit sensitive data. To stay ahead of adversaries, we apply a hacker’s mindset and techniques.
An affordable price is proposed to our customers.
Once we have confirmation from our client, we start with a preliminary test.
A preliminary report is provided to the customer outlining all the vulnerabilities discovered along with suggested solutions.
Once our customers have corrected all the vulnerabilities, another test is carried out to ensure the vulnerabilities have been corrected.
A final report is provided to the customer outlining all vulnerabilities discovered and how they have been corrected.
An attack on a business’s network infrastructure is the most common type of pen test. It can focus on internal infrastructure, like evading a next-generation intrusion prevention system (NGIPS), or the test can focus on the network’s external infrastructure, like bypassing poorly configured external firewalls.
In an internal test, businesses may be focused on testing their segmentation policies, so an attacker focuses on lateral movement in the system. In an external test, the attacker focuses on perimeter protection, like bypassing a next-generation firewall (NGFW).
Network attacks may include circumventing endpoint protection systems, intercepting network traffic, testing routers, stealing credentials, exploiting network services, discovering legacy devices and third-party appliances, and more.
True to its name, this test focuses on all web applications. While web applications may have some overlap with network services, a web application test is much more detailed, intense, and time-consuming.
Businesses use more web applications than ever, and many of them are complex and publicly available. As a result, most of the external attack surface is composed of web applications. Some web applications are vulnerable on the server side, and some are vulnerable on the client side. Either way, web applications increase the attack surface for IT departments.
Despite their cost and length, web application tests are crucial to a business. Web application issues may include SQL injection, cross-site scripting, insecure authentication, and weak cryptography.
Social engineering tests simulate common social engineering attacks such as phishing, baiting, and pretexting. These attacks aim to manipulate employees into clicking a link or taking an action that compromises the business network. Often, clicking the link authorizes access, downloads malware, or reveals credentials.
A social engineering test can reveal how susceptible a business’s employees are to these attacks. Small employee mistakes can grant adversaries their initial access to the business’s internal network.
Physical
Finally, businesses can do a physical pen test that focuses on the physical security of their organization. During these tests, an attacker attempts to gain building access or find discarded papers or credentials that can be used to compromise security. Once inside the building, an attacker may attempt to gather information by eavesdropping or hiding rogue devices in offices to give remote access to the business’s internal network.
While IT typically focuses on digital security, tools for network protection can be useless if the business allows building access or reveals information to outsiders. For example, an employee may let someone into the building or offer a Wi-Fi password without checking to see if the person requesting access is an employee.
We aim to be trusted by our clients. That’s why our team holds certifications such as CCNP, CEH, ECSA, CISA and CISSP and conducts more than 100 test scripts, covering the most typical OWASP vulnerabilities such as:
Copyright © Network & Security Consulting Ltd | All Rights Reserved | Powered by NSC