Menu Close

PENETRATION TESTING

During the penetration testing AXEN uses the official guide of the German Information Security Agency (BSI) and the OWASP testing methodology. The tests are conducted by an ethical hacker holding industry leading (OSCP and CEH) certifications.

WHAT IS A PENETRATION TEST?

Penetration test is a technical assessment designed to meet specified requirements like stealing company data, gaining administrative access on company servers or simply penetrate a secure system.

The penetration test simulates a real life hacker attack, without the unpleasant consequences. The assessor makes a well documented penetration test report, which helps the technical employees to secure the system. After the requested modification, the tester verifies the mitigation of the vulnerabilities.

WHAT ARE THE ADVANTAGES OF A PENETRATION TEST?

The offensive testing is the most efficient way to assess the secured system/application/device. It tests the implementation of theory into practicality.

A data breach has a great fiscal cost and the loss of confidelity is an even bigger concern. Penetration testing on a regular basis helps to decrase this Risk.

If you belive your system is secured, then it is the right time to conduct a penetration test.

AXEN is conducting tests in the following areas:

  • Web applications
  • Mobile applications
  • Infrastructure
  • Wireless networks
  • Internet of Things Devices

The following risks can be mitigated by a penetration test:

  • Vulnerabilities in OS
  • Lack of patch management
  • Web application vulnerabilities
  • Mobile Application vulnerabilities
  • IoT Device vulnerabilities
  • Insecure Wireless Network
  • Weak passwords
  • Dangerous user behavior
  • BSI Guide
  • OWASP Guide
  • OWASP Top 10
  • SANS Top 25

 

The assessor has no prior knowledge about the target. It simulates a real life hacker attack, including the reconnaissance.

The assessor has some prior knowledge about the target like IP addresses and used technologies.

The assessor has every knowledge about the target including source codes, administrative access.