Ethical Hacking Services
- 2. WHAT ARE ETHICAL HACKING SERVICES?
• Ethical hacking is the practice of simulating an attack against an application or network to identify security vulnerabilities.
• The same tactics used by malicious hackers are used to identify vulnerabilities in application code and business logic.
• Ethical hacking is much more than running a tool. Security testing requires thorough “manual” analysis.
- 3. VULNERABILITY ASSESSMENT VS PENETRATION TEST
Ethical hacking services exist in two forms:
• Vulnerability Assessments
  • Non-intrusive (no exploitation of vulnerable services).
  • Will not impact availability as a true attack would.
  • Cost-effective way to determine vulnerabilities.
  • Most common and most valuable way to assess applications and networks.
• Penetration Tests
  • Similar to a vulnerability assessment, but taken a step further.
  • Often includes: login brute forcing, memory corruption exploitation, capturing user credentials, etc.
  • Yields results very close to a real-life attack.
- 4. WHAT TYPES OF ATTACKS ARE PERFORMED?
During a vulnerability assessment thousands of unique attacks are performed. These will answer some of the following questions:
• Can authentication be bypassed completely?
• Can a user steal other users’ credentials?
• Can the application be used to take control over the server?
• Can a user perform functions intended for admin users?
• Can a user force another user to perform an undesirable function?
• Can a third party intercept data of application users?
• Can business functions be abused to bypass intended application logic?
- 5. CATEGORIES OF ATTACKS
• Server Configuration
  • Are supporting infrastructure and application frameworks configured properly? Can an attacker abuse server software to obtain sensitive information or system access?
• Information Disclosure
  • Does the application disclose unnecessary or sensitive information? Can an attacker leverage disclosed information to aid future attacks?
• Authentication / Access Control
  • Can authentication be bypassed? Can a user impersonate another user or gain elevated access?
• Encryption
  • Is transmitted data secured with strong encryption?
• Business Logic
  • Can application logic be manipulated with logical and technical attacks?
- 6. WHAT SHOULD BE TESTED?
• Web Applications
  • Custom applications that handle sensitive information, perform business functions, use multiple user roles, or interact with untrusted sources.
• Mobile Applications
  • Applications which allow user authentication or handle sensitive data.
• Network Infrastructure
  • Externally facing network infrastructure is a critical line of defense for your network. Internal infrastructure may be attacked by malicious employees.
• Wireless Networks
  • A direct point of access from someone in your parking lot to your internal network.
- 7. WHAT METHODOLOGIES ARE USED?
Our vulnerability assessments follow proprietary methodologies. These combine hundreds of known attacks against application frameworks and functions. The methodology also documents a manual process to identify points of weakness in logical and technical controls.
Ethical hacking services are an art as much as a science. To hear more about our testing, please contact us directly.
- 8. CONTACT
For more information about our ethical hacking services, please feel free to contact us:
E: contact@virtuesecurity.com
T: +1(347)-826-3330
W: http://www.virtuesecurity.com