Penetration Tests

Penetration Test Service: ARE YOU SECURE?

Penetration test is the process of trying to gain access to resources without the knowledge of usernames and passwords. If the resources on the computer are important, as a result of a successful penetration confidential documents, pricelists, databases and other critical information can be obtained or subverted. The most important thing that separates a penetration tester from an attacker is that the former gains permission before penetrating into a system. The penetration tester gains permission from the owner of the resources that will be tested and is responsible for providing a report after the test is completed. The aim of a penetration test is to increase the security of the resources to be tested. Generally, penetration tester are contracted to find only one vulnerability but the tester ignores the first vulnerability so that other vulnerabilities can also be identified and fixed. The penetration tester should keep detailed notes about the process and in this way the results can be verified and all problems can be successfully solved. The tester may not find all of the problems about security. For example, the organization can pass the test performed yesterday. However, a new vulnerability can emerge on the system or there can be new security holes on e-mail servers. It is impossible to know when a vulnerability will emerge. Maintaining a secure network always requires preparedness and carefulness.

External Penetration Test (Black Box):

At this stage, we do not demand any technical or executive information from the organization. We complete active-passive research, documentation and reconnaissance processes. We think and move like a hacker and test your system externally. We deliver you two separate reports as executive and technical.

Internal Penetration Test (White Box):

Following Black Box test, White Box process begins. White Box is the test process carried out from the internal network of your organization. While performing this test, we obtain many information and according to the situation we carry out attacks with scenarios and complete the test. We deliver you two separate reports as executive and technical.

Verification Test (Check Box):

1-2 months later the two tests mentioned above are completed, we perform a third verification test in order to control whether the detected security flaws have been fixed or there is a new critical vulnerability on the tested system. We also perform a third verification test in order to check whether the determined security policies have been applied or not.

Web Application Penetration Test:

Web applications are on the seventh layer of OSI layers, on this layer there are many software languages such as asp, aspx, jsp, php and ruby. In these languages, there are of course many attack vectors but the biggest problem of this layer is that software developers of every knowledge level work on this layer. Web software are still controlled as ”the software runs or doesn’t run” in Turkey and become accessible on the internet without making the sufficient controls. There are basically seven attack vectors of web software, these are; DNS, SQL Injection, XSS, CSRF, LFI, RFI and Business logic errors, yet these vulnerabilities have also subcategories.

The corporate face of your organization is your website, the face increasing your prestige by showing your commitment to the quality and consolidated technology is your web-online applications. Since continuous development or recoding activities on websites are costly and more difficult, the best method for the stable security of your website and online application is a penetration test. Penetration test finds vulnerabilities, it produces problem-focused solutions. As a result, you do not have to lose time and money.

Thanks to the web applications penetration test performed by UITSEC experts, you can easily see the positive exploitable application vulnerabilities. UITSEC also offers you the most effective solution suggestions regarding the detected vulnerabilities. UITSEC engineers use Open Web Application Security Project (OWASP) PenTest methodologies for web applications penetration tests.

Mobile Application Penetration Test:

As technology develops every day, mobile applications are becoming more dominant than ever. Of course, this has caused the emergence of new types of attacks that were not relevant in the classic web application world. As UITSEC having experienced engineers in the field of mobile application security, it is our mission to define and improve mobile application security. In mobile application penetration test, all vulnerabilities will be detected and additional attack vectors that can emerge indirectly will also be analyzed. Our penetration test team uses the most advanced technologies to test mobile applications and their security.

Wireless Network Penetration Test:

Within the framework of wireless network tests, vulnerabilities of the specified wireless networks are tested. On the wireless networks to be audited, configurational errors, vulnerabilities regarding the breakability durations of the used passwords, vulnerabilities of the used encryption types and vulnerabilities of services and control panels found on the devices will be audited.

VOIP Penetration Test:

  1. VOIP DoS
  2. Spoofing Phone Calls
  3. Manipulation of Message Service
  4. VOIP Spam
  5. VOIP-to-Data Exploit
  6. Manipulation of Service-Integration-Data Management Services
  7. Call Hijacking
  8. ARP Poisoning
  9. RTP Insertion
  10. Fake Phone Record
  11. Destructing Recorded Data
  12. Eavesdropping and sniffing conversations
  13. CDP Poisoning
  14. Interception MITM Attack
  15. Data Integrity Deformation
  16. Identity Spoofing
  17. SIP Spoofing
  18. SIP Exploitation
  19. RTP Bypass
  20. VOIP Client Devices Manipulation
  21. VOIP Segmentation Error Detection
  22. VOIP Segregation Audit
  23. Privilege Escalation through VLAN
  24. VLAN Hopping

Although there are many ways to keep the systems and applications of an organization secure, the only way to know you are really secure is to perform penetration tests manually and periodically.

Penetration test and vulnerability assessment are the two terms which many people are confused about. These two terms are interrelated but there also some differences. While vulnerability assessment generally focuses on identifying areas that are vulnerable to an attack, penetration test emphasizes on gaining as much access as possible.

Analysis of the systems by another party is an important security practice. It is very important to test a system before it enters into service. Above all, detecting critical vulnerabilities and fixing them without losing time are the most important steps.

Penetration test report includes an Abstract, an Executive Summary covering high level operational details like a critical problem to be fixed and Technical Summary providing suggestions for the improvement of the security of systems.