{"id":2599,"date":"2015-02-11T11:13:12","date_gmt":"2015-02-11T09:13:12","guid":{"rendered":"http:\/\/innosec.gr\/?page_id=2599"},"modified":"2017-07-20T18:03:19","modified_gmt":"2017-07-20T16:03:19","slug":"penetration-testing","status":"publish","type":"page","link":"https:\/\/www.innosec.gr\/en\/services\/penetration-testing\/","title":{"rendered":"Penetration testing"},"content":{"rendered":"<div class=\"shortcode_tabs vertical_tabs\" data-rt-animate=\"animate\" data-rt-animation-type=\"fadeIn\" data-rt-animation-group=\"single\"><div class=\"tabs_wrap\"><ul class=\"tabs clearfix\"><li class=\"with_icon\"><a href=\"#\"><span class=\"icon-clipboard icon-large\"><\/span> Description<\/a><\/li><li class=\"with_icon\"><a href=\"#\"><span class=\"icon-ok-circle icon-large\"><\/span> Results \/ Benefits<\/a><\/li><li class=\"with_icon\"><a href=\"#\"><span class=\"icon-money icon-large\"><\/span> Cost<\/a><\/li><\/ul><div class=\"panes\">\n <div class=\"pane fluid\">\nThis service aims at performing an evaluation of the security level of the organisation&#8217;s information systems and the network infrastructure, by performing penetration tests against all its network infrastructure that comprises systems, applications, network equipment, web applications and databases. Any vulnerabilities concerning the organisation&#8217;s information systems are detected and the potential damage they can inflict, if exploited, is also estimated.<\/p>\n<p>The methodology according to which this service is applied, ensures the organisation&#8217;s uninterrupted operation, as well as the confidentiality and discretion of the results.<\/p>\n<p>Penetration testing includes:<\/p>\n<ul>\n<li>Composition of a complete inventory about the organisation&#8217;s resources and information systems.<\/li>\n<li>Evaluation of the network&#8217;s security level.<\/li>\n<li>Conduct of penetration tests and risk assessment of the organisation&#8217;s information systems and infrastructure.<\/li>\n<li>Training specialised personnel on the methodology of conducting penetration tests and on the use of appropriate tools.<\/li>\n<li>Forensics readiness.<\/li>\n<\/ul>\n<p><strong>Building blocks of this service<\/strong><\/p>\n<ul>\n<li>Risk analysis &#8211; Risk assessment.<\/li>\n<li>Black box external penetration testing.<\/li>\n<li>Black box internal penetration testing.<\/li>\n<li>White box external penetration testing.<\/li>\n<li>White box internal penetration testing.<\/li>\n<\/ul>\n<p><strong>Methodology<\/strong><br \/>\nThe methodology for conducting penetration tests is based on security scanners. Initially, a risk assessment is performed, so as to identify the resources that are of critical importance to the organisation, followed by a customised attack pattern tailored to the organisation&#8217;s infrastructure set-up, in order to evaluate the effectiveness of already-known types of attacks.<\/p>\n<p>The methodology includes the following stages:<\/p>\n<ul>\n<li>Identification of critical systems and applications.<\/li>\n<li>Information gathering for the target systems.<\/li>\n<li>Scanning of target systems for running services and open communication ports.<\/li>\n<li>Discovery of vulnerabilities.<\/li>\n<li>Exploitation of discovered vulnerabilities.<\/li>\n<\/ul>\n<\/div>\n <div class=\"pane fluid\">\n<ul>\n<li>Reinforces the protection of the network infrastructure and services.<\/li>\n<li>Consolidates a security culture within the organisation.<\/li>\n<li>Informs the competent executives about the vulnerabilities of the organisation&#8217;s systems and their ability to withstand attacks.<\/li>\n<li>Suggests specific measures for eliminating the detected vulnerabilities.<\/li>\n<li>Trains the specialised personnel appropriately, so that they can periodically perform penetration tests on their own.<\/li>\n<\/ul>\n<\/div>\n <div class=\"pane fluid\">\nDepends on the range of the network services\/infrastructure and the number of its services that will be tested.<br \/>\n<\/div>\n<\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":2,"featured_media":0,"parent":2588,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-2599","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.innosec.gr\/en\/wp-json\/wp\/v2\/pages\/2599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.innosec.gr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.innosec.gr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.innosec.gr\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.innosec.gr\/en\/wp-json\/wp\/v2\/comments?post=2599"}],"version-history":[{"count":1,"href":"https:\/\/www.innosec.gr\/en\/wp-json\/wp\/v2\/pages\/2599\/revisions"}],"predecessor-version":[{"id":2762,"href":"https:\/\/www.innosec.gr\/en\/wp-json\/wp\/v2\/pages\/2599\/revisions\/2762"}],"up":[{"embeddable":true,"href":"https:\/\/www.innosec.gr\/en\/wp-json\/wp\/v2\/pages\/2588"}],"wp:attachment":[{"href":"https:\/\/www.innosec.gr\/en\/wp-json\/wp\/v2\/media?parent=2599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}