ETHICAL HACKING SERVICES
July 2013
http://www.virtuesecurity.com
WHAT ARE ETHICAL HACKING SERVICES?
• Ethical hacking is the practice of simulating an attack against an application or network to identify security vulnerabilities.
• The same tactics used by malicious hackers are used to identify vulnerabilities in application code and business logic.
• Ethical hacking is much more than running a tool. Security testing requires thorough “manual” analysis.
VULNERABILITY ASSESSMENT VS PENETRATION TEST
Ethical hacking services exist in two forms:
• Vulnerability Assessments
  • Non-intrusive (no exploitation of vulnerable services).
  • Will not impact availability as a true attack would.
  • Cost-effective way to determine vulnerabilities.
  • Most common and most valuable way to assess applications and networks.
• Penetration Tests
  • Similar to a vulnerability assessment, but taken a step further.
  • Often includes: login brute forcing, memory corruption exploitation, capturing user credentials, etc.
  • Yields results very close to a real-life attack.
WHAT TYPES OF ATTACKS ARE PERFORMED?
During a vulnerability assessment, thousands of unique attacks are performed. These answer questions such as the following:
• Can authentication be bypassed completely?
• Can a user steal other users’ credentials?
• Can the application be used to take control of the server?
• Can a user perform functions intended for admin users?
• Can a user force another user to perform an undesirable function?
• Can a third party intercept data of application users?
• Can business functions be abused to bypass intended application logic?
CATEGORIES OF ATTACKS
• Server Configuration
  • Are supporting infrastructure and application frameworks configured properly? Can an attacker abuse server software to obtain sensitive information or system access?
• Information Disclosure
  • Does the application disclose unnecessary or sensitive information? Can an attacker leverage disclosed information to aid future attacks?
• Authentication / Access Control
  • Can authentication be bypassed? Can a user impersonate another user or gain elevated access?
• Encryption
  • Is transmitted data secured with strong encryption?
• Business Logic
  • Can application logic be manipulated with logical and technical attacks?
WHAT SHOULD BE TESTED?
• Web Applications
  • Custom applications that handle sensitive information, perform business functions, use multiple user roles, or interact with untrusted sources.
• Mobile Applications
  • Applications which allow user authentication or handle sensitive data.
• Network Infrastructure
  • Externally facing network infrastructure is a critical line of defense for your network. Internal infrastructure may be attacked by malicious employees.
• Wireless Networks
  • A direct point of access from someone in your parking lot to your internal network.
WHAT METHODOLOGIES ARE USED?
Our vulnerability assessments follow proprietary methodologies. These combine hundreds of known attacks against application frameworks and functions. The methodology also documents a manual process to identify points of weakness in logical and technical controls.
Ethical hacking services are an art as much as a science. To hear more about our testing, please contact us directly.
CONTACT
For more information about our ethical hacking services, please feel free to contact us:
E: contact@virtuesecurity.com
T: +1(347)-826-3330
W: http://www.virtuesecurity.com