detailed penetration test

headlines

how vulnerable are you to a dedicated, well-resourced attack by a determined hacker?

you may have unknown and undocumented points of access to the Internet

a professional hacker will target specific valuable corporate assets or attempt to effect maximum public embarrassment

the service simulates the dedicated attacker, testing the defences at the Internet gateway and within the network

report on vulnerabilities and their impact on your business


issues

Most commercial penetration testing services scan and test your Internet point-of-presence, your public gateway to the world-wide-web. These tests are useful in that they provide a "snapshot" of your current vulnerability to basic hacker attacks. What they do not tell you is whether you have unknown and undocumented points of access to the Internet, or how vulnerable you are to a dedicated and well-resourced attack by a determined hacker.

It is also important to check your vulnerability to a determined attack by an insider, considering that 60-70% of organisations reporting incidents have suffered internal attacks according to reputable security surveys.

The potential impact of these security breaches is high. A professional hacker will have a specific aim: obtaining valuable corporate information, or effecting maximum public embarrassment through website defacement, data theft, exposure of confidential information, etc.

approach

The approach builds on the basic point of presence penetration test, adding more time spent on areas such as research, more analysis of the web server and applications, and vulnerability scanning within the network (behind the firewall), so that the internal network is also analysed for vulnerabilities.

The phases are:

  • research - check publicly available information about network addresses and IT deployment that could be of use to a potential attacker
  • enumeration - scan by appointment, stopping short of causing damage or disruption to systems
  • exploitation - identify the systems and architectural features - analyse the potential for successful attacks on the firewall
  • analysis/reporting - correlate with known vulnerabilities, examine findings, inform client and reach conclusions on business impacts

customer benefits

commissum will produce a report indicating the vulnerabilities discovered and the impact on your business. The report will highlight:

  • recommendations for fixes of the vulnerabilities discovered
  • cost effective high value improvements
  • areas of risk to your business and their relative priority, identified more comprehensively than by the basic point of presence penetration test

To supplement the report, commissum also provide a follow-up presentation and interactive workshop. The aim is to work with the organisation to assist in development of realistic, focused and prioritised plans of action to address the recommendations.

This service simulates the action of dedicated hackers, testing the defences at the Internet gateway and within the network. The principle is that determined attackers will devote significant effort, and use sophisticated tools and techniques to penetrate the network.


© 2001-2008, commissum