Pentest (penetration testing) is the analysis of company network resources security, which identifies information security problems and demonstrates available means of hacking and receipt of unauthorized access to critical IT- components and confidential information.
(in compliance with the Confidentiality Agreement we do not disclose names of enterprises and personal data)
We suspected the database leak. The pentest revealed how easy it is
to penetrate into our corporate network unnoticeably.
Upon the results of pentest execution we received an easy and
comprehensible activity plan, aimed to eliminate vulnerabilities.
There was no way to convince our management of budgeting increase
necessity. After the pentest execution our manager approved both the
budget and staff quantity increase.
The pentest imparted understanding of the current security situation
and of the work of my Information Security Department.
Evaluation of assigned tasks, coordination of the activities with responsible executives,
subscription of official documents.
Stage duration: two working days.
Execution of manual checks and checks, performed with the use of cross functional
vulnerability scanners and specialized software, which allow to detect applications,
operational system and network infrastructure vulnerabilities.
Stage duration: 12 working days.
Simulation of attacks, using vulnerabilities, detected earlier.
Stage duration: 3 working days.
Execution of an expert evaluation with the list of all detected vulnerabilities and detailed
plan of activities, aimed to eliminate them and minimize risk of attacks.
Stage duration: 3 working days.
Experience
The company specialists are competent in traditional network attacks methods and have vast experience in implementation of activities, related to security analysis of:
- Cisco, Juniper, Huawei, Microsoft (AD Windows Server, SQL Server), Oracle platforms
- Web-services and web-applications
- Mobile applications for iOS and Android operational systems
Certificates
The staff includes employees, who obtained higher professional education under the specialist field of Information Security and who have the following certificates: Certified Information System Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP)
Detected vulnerabilities
- CVE-2015-1010: Rockwell Automation RSView32​
- CVE-2017-7907: Schneider Electric Wonderware Historian Client
- CVE-2017-9627, CVE-2017-9629, CVE-2017-9631: Schneider Electric Wonderware ArchestrA Logger
- CVE-2018-18981: Rockwell Automation FactoryTalk Services Platform
