The aim of penetration testing is to reveal any vulnerabilities of the target information system, to determine how they could be misused and to make recommendations leading to their correction. It also provides a comprehensive view of the security of the infrastructure and the application environment, which may be used, for example, as an input to the risk analysis.
This is done by testing and simulating various attacks against the system, both internal and external. The aim of penetration testing is not to solve security issues, but to test and evaluate the level of security and to submit a summary report covering both the technical level (settings for open ports, system versions) and the level of organisational measures (fraud and social engineering by employees).
Some of the most frequent causes of IS vulnerabilities include, but are not limited to:
- Failure to comply with applicable standards (RFC, W3C, ISO)
- Inconsistent configuration of equipment (unnecessary/unused network services permitted, weak encryption)
- Inadequate system topology
- Lack of knowledge of management / proper operation
During the penetration test, we try to penetrate the target information system and determine (if possible) all processes and areas where such an attack could actually be carried out.
The following methods, for example, may be used for the penetration tests:
- OWASP – Open Web Application Security Project
- ISO/IEC 27001 / Cyber Security Act
Why choose EZÚ
- Expert auditors with many years of experience.
- Highly professional personnel.
- Comprehensive solutions.
- Cooperation with renowned external entities.
Reasons for certification
- Certainty of information system security