
PENETRATION TEST

A penetration test gives you insight into identified security gaps, so you can
maximize protection for valuable business assets against cyberattacks, reduce downtime cost,
and gain more trust from customers with a reliable security level.

Penetration tests are recommended
for every company that wants to:

Perform vulnerability scanning on a scheduled basis
Improve and test its IT security implementation
Understand which areas to invest in to increase its security level
  • Hospitality
  • Telecommunication
  • Government & Public Services

Penetration Testing Execution Standard (PTES)

  • Intelligence Gathering
  • Threat Modeling
  • Vulnerability Analysis
  • Exploitation
  • Post-Exploitation
  • Documentation
  • Reporting

APPLICATION LAYER TESTING

OWASP Testing Guide: Web Application Security

This guide is divided into a passive mode and an active mode. The passive mode tries to determine
all entry points of the application (HTTP headers, parameters and cookies)
in a non-intrusive manner, and includes 10 controls defined in information gathering,
while the active mode is split into 10 sub-categories for a total of 90 controls.

INFORMATION GATHERING

Finding the entry points
Reconnaissance
Analysis of error codes

CONFIGURATION MANAGEMENT TESTING

HTTP methods & SSL configuration analysis
Infrastructure & server-level vulnerability identification

AUTHENTICATION TESTING

Enumeration techniques & brute forcing
Access restrictions testing

SESSION MANAGEMENT TESTING

Session fixation & session management vulnerabilities

AUTHORIZATION & ACCESS TESTING

Path traversal & user management testing
Access & document control testing

DATA VALIDATION & TESTING

Attacking the application
Exploitation & compromise possibility testing

RESILIENCE & OTHER TESTING

DoS Testing
DDoS Testing
Web Firewall Testing
Web Server Testing

IDENTIFICATION & CLASSIFICATION

Performing OWASP testing
Analyzing OWASP testing

REPORTING

Classification of Vulnerabilities based on risk & priority

NETWORK-LAYER TESTING

Since most protocols are well-defined and have standard modes of interaction, network-layer testing is more suitable for automated testing. This makes automation the first logical step in a network-layer test. Because of such standardization, tools may be used to quickly identify a service, a software’s version, test for common misconfigurations, and even identify vulnerabilities. Automated tests can be performed much faster than could be expected of a human.

However, simply running automated tools does not satisfy a pentest's needs. The tools cannot interpret vulnerabilities, misconfigurations, or even the services exposed to assess the true risk to the environment. They only serve as a baseline indication of the potential attack surface of the environment. Therefore, using the documentation provided by the organization during the pre-engagement, we should verify that only authorized services are exposed at the designated perimeter, and attempt to bypass authentication controls from all network segments where authorized users access the segmented network, as well as from segments not authorized to access the internal environment.
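
The perimeter check described above, comparing the services a scan finds with the list authorized during pre-engagement, is shown here as an added example; it is not part of the original page or of any tooling it describes. The input format assumed is nmap's grepable (-oG) output, and the scan lines, addresses and authorized list are constructed.

```python
# Constructed sample of nmap grepable (-oG) output; addresses come from the
# RFC 5737 documentation range and do not describe a real scan.
SCAN_OUTPUT = (
    "Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, "
    "3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (997)\n"
    "Host: 203.0.113.20 ()\tPorts: 25/open/tcp//smtp///, "
    "8080/open/tcp//http-proxy///, 53/open/udp//domain///\n"
)

# Assumed authorized exposure list, as it might be transcribed from the
# pre-engagement documentation: host -> set of (port, protocol).
AUTHORIZED = {
    "203.0.113.10": {(443, "tcp")},
    "203.0.113.20": {(25, "tcp"), (53, "udp")},
    "203.0.113.30": {(443, "tcp")},
}

def parse_open_ports(grepable):
    """Return {host: {(port, proto): service}} for ports reported as open."""
    observed = {}
    for line in grepable.splitlines():
        fields = line.split("\t")
        if not fields[0].startswith("Host: "):
            continue
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(","):
                parts = entry.strip().split("/")
                # port/state/protocol/owner/service/...; skip filtered or closed
                if len(parts) >= 5 and parts[1] == "open":
                    observed.setdefault(host, {})[(int(parts[0]), parts[2])] = parts[4]
    return observed

def compare(observed, authorized):
    """Return (unauthorized exposures, authorized services that were not seen)."""
    unauthorized = [(host, port, proto, service)
                    for host, ports in observed.items()
                    for (port, proto), service in ports.items()
                    if (port, proto) not in authorized.get(host, set())]
    missing = [(host, port, proto)
               for host, allowed in authorized.items()
               for (port, proto) in allowed - set(observed.get(host, {}))]
    return sorted(unauthorized), sorted(missing)

if __name__ == "__main__":
    results = compare(parse_open_ports(SCAN_OUTPUT), AUTHORIZED)
    for label, rows in zip(("unauthorized exposure", "authorized, not observed"), results):
        print(label, rows)
```

An authorized service that the scan did not observe is reported separately, since it can indicate stale documentation or filtering between the scanner and the target rather than a finding.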

Other CyberSecurity Assessment Services

Security Assessment
  • Vulnerability Assessment
  • Penetration Test
  • Red Team Assessment
Intrusion Analysis and Computer Forensics Investigation
  • Analysis of intrusion
  • Fraud investigation (related to intrusion event)
  • Computer forensics for digital evidence
Compliance Audit
  • Bank Indonesia and Financial Authority Regulation Audit Compliance
  • ISO 27001:2013 and Indeks KAMI
  • Center for Internet Security Critical Security Controls Audit
Training
  • Hacking Academy
  • Online Training (available soon)
Schedule your penetration test with us now