PENETRATION TESTING & VULNERABILITY ASSESSMENT

PEN Test Planning:

Information Gathering: techniques and tools designed for extracting metadata from public documents (pdf, doc, xls, ppt, odp, ods) available on the target/victim websites.

Network Mapping is the process of gathering information in order to identify and understand the internal workings of systems. It is important:

  • To determine what the network looks like logically, understand the information and construct a network map
  • To find out available resources and processing time
  • To identify weaknesses

Vulnerability Identification: There is no definitive list of all possible sources of system vulnerabilities; anything can be a system vulnerability, for example:

  • Poor security management
  • Incorrect implementation
  • Social engineering
  • Poor design
  • Human factors
  • Operating system

Exploitation and Launching of Attacks: After the vulnerabilities are identified on the target system, it is then possible to launch the right exploits. The goal of launching exploits is to gain full access to the target system.

Reporting: After the completion of the penetration test, it is important to get user-customized reporting suites for a technical and/or management overview. This includes the executive summary, detailed recommendations to solve the identified vulnerabilities, and official security ID numbers for the vulnerabilities.

Vulnerability Assessment

In response to this security trend, Mentari Setia offers a complete suite of vulnerability assessment services that enables companies to identify critical security threats that may expose their data to an unauthorized third party. Many companies are poorly equipped to take on the task of identifying their infrastructure pain points and therefore find themselves at high risk of cyber attacks and data breaches.

Examples of the services provided include:

  • External Network Perimeter Vulnerability Assessment
  • Internal Network Vulnerability Assessment
  • Active Directory Reviews
  • WLAN Assessments
  • VoIP Assessments
  • OS Patch Management Assessment
  • Device Configuration Management Review
  • Source Code Review of Company Developed Applications