Exosec Penetration and Web Application Testing
What Can You Expect?
A vulnerability assessment will be conducted across specified networks and IP addresses. This type of assessment can be considered as more of a ‘light touch’ test and primarily covers misconfiguration situations and patch level checking.
Network Penetration Testing:
Network penetration testing provides an in-depth security evaluation of your systems or networks from an attacker’s perspective. It includes detailed analysis of the target systems or networks using a combination of tools and extensive manual methods to enumerate as many flaws as possible in the time available.
Testing may involve active exploitation of discovered vulnerabilities.
Web Application Penetration Testing:
Web application penetration testing provides an in-depth examination of the security of a web application and its associated hosting environment. It includes detailed assessment using both automated and manual approaches enumerating as many flaws as possible, within application design and business logic.
What can you Expect?
The first and arguably most important phase of a test is the definition of the scope. The scope of the test is defined through discussion between Exosec and the client. During the definition of the scope, we agree the limitations to be placed upon the testing.
Enumeration and Testing:
The precise tests that are performed will vary depending on the nature of the engagement. Our consultants will only use ‘good practice’ methods that will not affect a machines availability or stability. Exosec understand the importance of communication and will ensure that any findings are explained in a real-world attack context with clear remediation advice.
Once the testing is complete further analysis of the results undertaken to identify trends and to allow for broad recommendations. The results are then used to create a highly detailed report.
The report is structured so that executive management, technical management, and technicians can all gain the information they need from sections specifically written for those roles. The report is electronically delivered following peer review and quality assurance.