A penetration test(Pen Test) attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible.
Penetration testing typically includes network penetration testing and application security testing as well as controls and processes around the networks and applications, and should occur from both outside the network trying to come in (external testing) and from inside the network.
We at vcs-inc Categorize ourselves into two teams while conducting pen tests, this are:
- a) Red Team - The attackers who comprises of a team of talented ethical hackers who perform pentests of information systems with no or very limited access to organization's internal resources
- b) Blue Team - This team on the other hand has access to all the organisation's resources and information thus their primary goal is to detect and mitigate red team activities and anticipate how surprise attacks might occur
Phases of Penetration Testing
- a) Pre-attack Phase - Network information gathering and reconnaissance
- b) Attack Phase - Where actual pentests take place whereby we acquire the target and escalate privileges
- c) Post-Attack Phase - We review interviews and conduct threat and risk Analysis to analyze effectiveness of existing security policies.
Types Of Pentests we Conduct
Web Application Testing
Securing your organization with web application testing
Web applications are frequently the weakest link in your organization’s security. Because they are available 24/7 to customers, employees and suppliers, they are also accessible around the clock to hackers who can exploit vulnerabilities to gain access to confidential back-end data.
Wireless networks provide many benefits to businesses. Because it uses unbound media, it has many vulnerabilities. Wireless penetration testing identifies security vulnerabilities specific to a wireless environment that an attacker could exploit.
For those clients who would like a discrete and special penetest conducted to their systems, not to worry we have you covered at vcs-inc.
The growth of cloud has led to some interesting angles on pen testing. Cloud-based applications need to be pen tested, as do their on-premises counterparts. vcs-inc has had experience is testing many of the larger Cloud based environments including Amazon’s EC2 environment, Rackspace Managed Cloud and Microsoft’s Azure platform. In addition, the methodologies and approaches gained within these environments gives us the insight in to how to test other cloud based services
Mobile Device Testing
Mobile applications and the devices upon which they run have quickly become a core part of everyday technology. With such a surge in mobile application development, attack surfaces have increased remarkably, and so there is a need for mobile application penetration testing.We use Kali Linux and android emulator to do mobile penetration testing.
Technology Testing Services
New technology arises everyday worlwide and thus a dire need to ensure the new technology is safe and hackproof. thats where vcs-inc comes in, your trusted cybersecurity solution.
Network Penetration Testing
This is a red team responsibility at vcs-inc whereby network penetration testing service utilizes a comprehensive, risk-based approach to manually identify critical network-centric vulnerabilities that exist on all in-scope networks, systems and hosts. Our approach is via the following step by step methods: Information gathering , Threat Modelling, Vulnerability Analysis, exploitation, Post-exploitation then Reporting
Firewalls Prenetration Testing
Modern firewalls from major vendors, by default today, have a strict rule set that generally is fairly secure. Vendors are much more security aware than in previous years and products now thankfully reflect a more security conscious environment and internet. Various testing is still required to ensure the rules in place are operating as they should or to test and locate areas of improvement in configuration.After obtaining a general assessment of a firewall and its rules, corrections to rules can be updated as appropriate.