PENETRATION TESTING
SERVICES

Four years of penetration testing and IT security work in general have taught us that no wall is unbreakable. We are going to find weak spots in yours ----- and help keep the attackers out, before any of your assets are damaged. 

WHY CONDUCT A PENETRATION TEST?

IDENTIFYING CRITICAL VULNERABILITIES

Unlike vulnerability assessment, penetration testing not only identifies vulnerabilities, but attempts to exploit them in order to evaluate their real-world level of impact.

DEVELOPING SECURITY MEASURES

Provided with insightful information about the identified vulnerabilities and their potential impact, implementation/development of reliable security measures is made possible.

SECURITY REGULATIONS COMPLIANCE

Your organization needs to comply with industry regulations, (ie. ISO 27001, NIST, FISMA, HIPAA, etc), and regularly conducted penetration tests are a requirement.

COST EFFICIENCY & BUSINESS REPUTATION

IBM's estimate of the average cost to a business done by a data breach is $3.86 million. Along with reputation impact, a company suffers massive financial and reputation
damage. 


ETHICAL HACKING TO PREVENT A POTENTIAL INTRUSION 

MS-WEB offers complete penetration testing services designed for identification of system vulnerabilities, validation of already existing security measures and providing of a detailed remediation road-map.

MS-WEB's team, equipped with the most recent tools and industry-specific test scenarios, is all set to deliver a comprehensive inspection to diagnose system vulnerabilities, as well as defects in application, service and operating system, loopholes in configurations, and potentially threatening non-compliance with security policies.

TYPES OF PENETRATION TESTING WE PROVIDE

NETWORK SERVICES PENETRATION TEST
CLIENT-SIDE PENETRATION TEST
REMOTE ACCESS SECURITY TEST
WIRELESS NETWORK PENETRATION TEST

WEB APPLICATION PENETRATION TEST

SOCIAL ENGINEERING TEST

PENETRATION TESTING METHODS WE APPLY

BLACK

BOX

We work in life-like conditions having strictly finite knowledge of your network and no information on the security policies, network structure, software and network protection used.

GRAY

BOX

We investigate your system having some information on your network, such as user login details, architecture diagrams or the network’s overview.

WHITE

BOX

We identify potential points of weakness by using administrator rights and access to server configuration files, database encryption rules, source code or architecture documentation.

THREE STEPS OF MS-WEB PENETRATION TEST

1

Pre-attack phase / Planning

2

Attack phase / Testing

3

Post-attack phase / Reporting

1.

Pre-attack phase / Planning

  • Defining the intruder model (internal/external, enabled rights and privileges).
  • Defining goals, source data, scope of work and targets of the test.
  • Determining the scope of a target environment.
  • Developing the testing methodology.
  • Defining interaction and communication proceeding.
2.

Attack phase / Testing

  • Fieldwork, service identification.
  • Custom scanning or intrusion tools are developed if needed.
  • Vulnerabilities detection and scanning, exclusion of false positives.
  • Vulnerabilities exploitation and obtaining an unauthorized access.
  • Utilization of compromised systems as a springboard for further intrusion.
3.

Post-attack phase / Reporting

  • Result analysis and reporting with recommendations for risk reduction.
  • Visual presentation of the damage that can be inflicted to the system by an intruder.
  • Additionally, we can also eliminate the detected vulnerabilities.

DELIVERABLES

  • Summarized description based on the accomplished results and findings.
  • List of detected system vulnerabilities and their classification according to difficulty of exploitation and harmfulness for the system and business.
  • List of changes in the system that were implemented amid testing.
  • Test protocol, including equipment and tools used, parts that were checked and issues found.
  • Actionable recommendations to eliminate the revealed security issues.

Among others, we have successfully found and reported security related bugs to:

Microsoft

Google

Facebook

Instagram

HOW MUCH WILL IT COST FOR YOUR PROJECT?

We shape the final price based on the number of targets and the required testing methods. We will be pleased to provide an estimate for your project.

© Copyright 2021 MS-WEB - All rights reserved.