Vulnerability Assessment – Platinum Package
Server Vulnerability testing using automated tools and Manual Hacking techniques and a Penetration Test
The combination of a manual and tool-based vulnerability assessment with a penetration test will provide you with the most accurate results possible. The main difference between the Platinum test and the other tests is that you will not only get a list of the vulnerabilities found, which can include false positives; you will also be able to see which vulnerabilities I was able to exploit. This will show you the most up-to-date security status of your network, server and application.
1. Which tools are going to be used?
This question is difficult to answer for many reasons. My hacking tools arsenal has more than 100 different components. Each one of them can be used against different targets, and in some cases I use combinations of a few different tools, some of which are commercial and some of which are my own private hacking tools.
During the penetration test, I will use existing exploits available online and other commercial exploits available as professional hacking tools.
2. How does it work?
The most common question I get regarding the process is whether I will try to exploit all the vulnerabilities found, and the answer is no. There are some vulnerabilities that have no exploits available, and some vulnerabilities that I will not exploit simply because doing so could put the server's stability at high risk.
The test can take place on any day and at any hour that you would like. Usually, the best time to take the test is when the application is not busy and no maintenance work is scheduled.
As a certified hacker, I will use the most up-to-date knowledge and hacking tools, exactly as hackers do, so you will get the best picture possible of your security level.
Once the test is done, I will analyze the results and produce a detailed report of all the vulnerabilities found and how to mitigate them (vulnerabilities found and solution per vulnerability).
3. How will the vulnerability test affect my application and service?
As a basic understanding, you must realize that your application and server are going to be attacked by hacking tools, exactly the same as a real hacker would use. The only difference is that during the vulnerability and penetration test, I will not attempt to do any damage. Usually those tools will not cause any problem if they are being used by a professional, but there is also the unknown factor that relates to the condition of the web server and application at the time of the test. The worst damage that I have seen so far is a web server that needed to reboot or services that were turned off, but the law and my own integrity require me to inform you that anything can happen and you must be prepared for it.
On the other hand, if your application and web server are in bad condition, it is better that you know about it when you are ready for it and not when a hacker runs the same tools and surprises you.
4. Any preparations prior to the test?
Usually I recommend having an up-to-date backup of the application files, database and web server, which should be available by default, every day. Besides that, if you have a system administrator in charge, he should be notified about this test and be available during the test. The idea is not to change the existing working environment or the applications, but to have the proper resources available in case an unwanted error occurs during the test.
5. How accurate is the test?
A penetration test is the most accurate test available, especially when a professional is running it using hacking tools and manual techniques. The only way to determine whether a vulnerability found during the test is real is to test it manually by trying to exploit it, which is what the penetration test essentially is.
6. How often do I need to run the test?
It is recommended to run a new test every 3-4 months, and every time the web server and/or application undergoes a significant change. The intervals relate to the fact that new vulnerabilities are being found every day, and running the test helps figure out if your web server or application is exposed to them.