Penetration testing

Pentest (penetration testing) is the analysis of company network resources security, which identifies information security problems and demonstrates available means of hacking and receipt of unauthorized access to critical IT- components and confidential information.

To request

Why do you need pentests?

Here are the reasons to order a pentest as soon as possible:

Expert evaluation of current security level

More

Compliance with industry standards requirements

More

What are advantages of pentests in practice?

(in compliance with the Confidentiality Agreement we do not disclose names of enterprises and personal data)

Pentest stages

Activities planning

Evaluation of assigned tasks, coordination of the activities with responsible executives,
subscription of official documents.

Stage duration: two working days.

Activities planning

Information systems inspection

Execution of manual checks and checks, performed with the use of cross functional
vulnerability scanners and specialized software, which allow to detect applications,
operational system and network infrastructure vulnerabilities.

Stage duration: 12 working days.

Information systems inspection

Detected vulnerabilities significance confirmation

Simulation of attacks, using vulnerabilities, detected earlier.

Stage duration: 3 working days.

Detected vulnerabilities significance confirmation

Development of recommendations on vulnerabilities elimination

Execution of an expert evaluation with the list of all detected vulnerabilities and detailed
plan of activities, aimed to eliminate them and minimize risk of attacks.

Stage duration: 3 working days.

Development of recommendations on vulnerabilities elimination

Service catalogue

Advantages

Activities profundity



A serious analytical work with deep understanding of detected vulnerabilities nature and readiness to the adaptation of existing methods and techniques of attacks execution for precise environment.

Report



A detailed report with specification of vulnerability appearance reasons and with an algorithm, necessary for correction of significant vulnerabilities.

Confidentiality



All information, received in the course of activities, is strictly confidential, and we are concerned about its non-disclosure to the third parties.

Competences

Experience

The company specialists are competent in traditional network attacks methods and have vast experience in implementation of activities, related to security analysis of:

- Cisco, Juniper, Huawei, Microsoft (AD Windows Server, SQL Server), Oracle platforms
- Web-services and web-applications
- Mobile applications for iOS and Android operational systems


Certificates

The staff includes employees, who obtained higher professional education under the specialist field of Information Security and who have the following certificates: Certified Information System Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP)

Detected vulnerabilities

CVE-2015-1010: Rockwell Automation RSView32​
CVE-2017-7907: Schneider Electric Wonderware Historian Client
CVE-2017-9627, CVE-2017-9629, CVE-2017-9631: Schneider Electric Wonderware ArchestrA Logger
- CVE-2018-18981: Rockwell Automation FactoryTalk Services Platform

News

Order pentest today!

Analytical center USSC
[email protected]