Penetration Testing
Irisk has been consistently delivering Penetration test projects for clients across the globe. Our range of penetration testing capabilities include – right from information gathering, foot-printing, vulnerability assessment, exploitation, and reporting. Our penetration testing practices encompass web applications, client-server applications, infrastructure, SCADA, ERP systems, mobile applications, wireless, social engineering, and a whole host of technologies and platforms.
Our Approach
Security vulnerabilities may be inherent in the network, which can be used(exploited) by an attacker to actually cause huge damage to your system. In order to identify such security threats, systems or applications has to be tested from an attacker’s point of view. Hence, our approach is to simulate the real world techniques adopted by an attacker against the vulnerable systems in a controlled environment to identify the loop holes in the system and fix them. After completion of penetration test we provide a detailed report consisting of threats and associated mitigation measures. We follow globally recognized standards and methodologies to ensure no entry points are left for an attacker to get in to your systems.
Types of Penetration Tests:
Some of the tests that we engage in are:
Web Application Security Testing
In this type of penetration test, we assess the security of the application by focusing on remotely exploitable vulnerabilities, application architecture, design and implementation. We also assess the controls with respect to user access, privilege levels, development and delivery, and overall design of the applications. This helps to give the total threat profile of your web application environment.
Network Penetration Testing
This type of a penetration test involves identifying the targets through Google searches, WHOIS, DNS queries, etc. Fingerprinting and identifying vulnerabilities. The exploitation of these vulnerabilities depends on whether it is part of the engagement or not. Limited exploitation is always done in terms of password guessing, directory traversals, file uploads, etc. Before going for stronger exploitation methods such as Denial of Service attacks, Buffer Overflow exploits, etc., we take prior written consent from the management so as to not to cause possible fallouts from the such exploitation methods.
Vulnerability Assessment
Maintaining confidentiality, integrity and availability of the service is very important whether it is your computers in the network, Web applications or network devices. Failure to do so can result in loss of business, customers & financial loss. Identifying these risks as soon as possible is critical for ensuring smooth running of the business at all times. The vulnerability assessment service provided by Irisk can help you identify the existing security issues in your organization. Be it your Servers, Databases, wireless network, wired network, or web applications, we have customized assessment solutions for you. At Irisk, we follow international standards as well as our own customized methodologies for assessing the vulnerabilities in the system & networks. Post completion of the assessment, Irisk provides with detailed analysis reports, which will present the existing security threats and measures to mitigate the same.