Skoda Minotti’s Penetration Security Solutions
Is your business an easy target for a data breach? How would you know without rigorous testing of your network and applications security? Businesses rely on access to data across multiple systems, all of which store and transfer valuable, sensitive information. From internal corporate networks to production web applications storing confidential data on behalf of customers, when unprotected systems are attacked, the cost can be staggering to your organization’s finances and reputation.
Skoda Minotti’s Risk Advisory Services specialists offer advanced network and web application penetration testing services. We also perform social engineering tests to protect your network, applications and employees to help you meet your security requirements.
Why Skoda Minotti Risk Advisory Services?
We offer a simple approach to a complex issue. Our streamlined processes and certified ethical hackers execute vulnerability and penetration tests daily, focusing on the risks that matter.
- Reduce and eliminate false positives through practical and hands-on attention from our testers
- Scanning as a Service lets us manage your internal and external vulnerability scanning. We do the heavy lifting and only notify you of results that need attention
- No outsourcing—all of our scans are conducted internally by one of our onshore staff
- Real-time support during normal business hours
- Reasonable pricing
Network penetration testing services:
- A network vulnerability assessment involves the identification and analysis of network assets to provide a current view of the potential vulnerabilities and threats to your network infrastructure.
- These assessments begin with a discovery process that utilizes commercial vulnerability scanners, as well as publicly available tools and utilities to develop a baseline profile of accessible services, ports, applications and systems as targets for further analysis.
- External – Performed from a black-box perspective on a defined network range that has been approved and determined to belong to your enterprise. An external scan provides a view of the network resources available to an outside intruder.
- Internal – Performed either using an unauthenticated or authenticated scan to inventory systems present on the internal network. An internal scan provides a view of the network resources available to an intruder who has successfully made it past the external defenses, as well as a potential internal threat.
- Once a baseline of information is gathered, a series of tests are run against the identified assets, services and ports to help determine the relevant vulnerabilities to the services, ports, applications and systems present throughout the assessed environment.
- Results are analyzed by our security analysts, ranked by risk and provided to you, along with remediation instructions.
- A network penetration test involves simulating real-world attacks to assist in eliminating false positives and determining the vulnerabilities and threats that pose a risk to your network infrastructure.
- Using the asset information previously identified during the vulnerability assessment, Skoda Minotti uses Core Impact, Metasploit, and a number of publicly available tools to perform a more in-depth analysis including manual probing to:
- Test identified components to gain access to the network:
- Network devices such as firewalls, routers and switches
- Network services such as web, DNS, email, FTP, etc.
- Determine possible impact or extent of access by attempting to exploit vulnerabilities
- Brute force passwords to identified components
- Collect evidence to validate the intrusion, including key documents, screenshots and system logs
Web Application Penetration Testing
- A web application vulnerability assessment involves the identification and analysis of web properties to provide a current view of the potential vulnerabilities and threats posed to your enterprise and its users. Both internal and external facing websites and applications can be considered a risk.
- These assessments begin with spidering a client website or application to identify the pages and forms available to users.
- Unauthenticated – Performed using a black-box approach where the most public level of access is used to identify weaknesses
- Authenticated – Performed using a white/grey box approach where various access roles are used to identify gaps in role-based access schemes and general weaknesses
- Once a baseline of information is gathered, a series of tests are run against the identified web pages and forms to help determine if OWASP and other vulnerabilities exist in the website or application.
- Sample of risk categories examined during an assessment:
- Configuration management
- Secure transmission
- Session management
- Data validation
- Denial of service
- Business logic flaws
- Weak or outdated cryptography
- Results are analyzed by our security analysts, ranked by risk and provided to clients, along with remediation instructions.
- A web application penetration test involves simulating real-world attacks in an attempt to exploit identified weaknesses in a website or web application.
- Using the baseline information previously gathered, Skoda Minotti uses Core Impact, Metasploit, Netsparker, and a number of publicly available tools to perform a more in-depth analysis, including manual probing, to:
- Test identified pages, forms, and input methods for a number of significant risks, including the OWASP Top 10:
- A1 Injection
- A2 Broken Authentication and Session Management
- A3 Cross-Site Scripting (XSS)
- A4 Insecure Direct Object References
- A5 Security Misconfiguration
- A6 Sensitive Data Exposure
- A7 Missing Function Level Access Control
- A8 Cross-Site Request Forgery (CSRF)
- A9 Using Components with Known Vulnerabilities
- A10 Unvalidated Redirects and Forwards
- Leverage the exploitable vulnerabilities to obtain unauthorized access to data, perform unauthorized transactions, or launch further attacks on end-users (if authorized)
- Collect evidence to prove the extent of the access obtained
- Results are analyzed by our security analysts and formulated into a report identifying successful attack vectors and the extent of the information obtained.
- Social engineering involves the psychological manipulation of people into performing actions or divulging confidential information, typically for the purpose of information gathering, fraud or system access. Results of the network and website/application vulnerabilities, in addition to publicly available information, are leveraged during a social engineering engagement.
- Using the results of the network and website/application vulnerability assessment or penetration test, if performed, in addition to publicly available information about a corporation through the use of Core Impact, Metasploit, and publicly available tools, we perform a more in-depth analysis, including manual probing, to:
- Test the level of employee security awareness to a variety of manipulation techniques, some of which include:
- Email phishing campaigns used to obtain employee access credentials or other key information
- Baiting employees to load a USB stick, CD or similar device into their computer containing a Trojan horse
- Tailgating employees to obtain physical access to secure areas of a facility
- Leverage the information or access obtained to collect evidence
- Results are analyzed by our security analysts and formulated into a report identifying the successful attack vectors, the end users who were compromised, the access obtained, and the evidence collected to assist management in the enhancement of their security awareness training programs.
- Black Box testing is conducted with limited information based just on the location of the system being evaluated. Testing beyond a Black Box approach includes reviewing system documentation, configuration records, and interviews with IT administrators and developers to create a security testing plan.
- Discovery is performed via open source and licensed tools to identify devices and vulnerabilities that will later be used for exploitation.
Gain Access and Take Control
- Automated tools and manual procedures will be performed to gain control of your systems. Testing procedures executed include confirmation and controlled exploitation of issues identified for both unauthenticated and authenticated test scenarios. For a Network and Web Application Penetration Test, testing is focused on those potential threats identified during the Discovery phase. The following list demonstrates potential areas (but not limited to) that may be tested depending on the Threat Analysis results:
- Input validation (SQL Injection, XSS, Canonicalization, CSRF, XPATH Injections, etc.)
- Session handling (Hijacking and Replay)
- Authentication / Authorization (brute forcing, bypassing authority routines, elevating privileges from non-premium to premium user, accessing unauthorized sensitive data)
- Cryptography (identifying weak algorithms, compromise of private keys)
- Error handling (information disclosure through system or application errors, graceful or fatal handling routines)
- Auditing and Logging (using repudiation, execution of successful attack without trace)
- Abuse of Functionality, API Abuse, Application Automation, Audit and Logging Controls, Authentication Deficiencies, Authorization Deficiencies, Buffer Overflows, Command Execution, Data Privacy and Integrity Controls, Data Validation and Sanitization, Denial of Service, Encryption Implementations and Key Management, Endpoint and Client Security Controls, File and I/O Handling, Injection Based Flaws, Network and Server Configuration, Race Conditions, Secure Channel Enforcement, Service Configuration and Security, Session Management, UI and Content Secure
- When available through successfully breaching and taking control, our security consultants will gather evidence to illustrate the ability to breach the different environments and describe what form of sensitive information was available for capture. All evidence gathered is tightly controlled, provided to your organization and removed from our systems.
Skoda Minotti’s IT Security Services provide:
- An understanding of real-world risks posed to the organization from the perspective of an attacker, going beyond the limitations of automated scanning
- An overview of an organization’s security posture and areas for improvement
- Detailed remediation guidance to secure systems against the identified vulnerabilities and consulting to help mitigate future issues
- A prioritized risk rating (DREAD framework) that takes multiple business-driven criteria into account
- Direct communication with an offensive security expert with years of industry experience and with direct access to the product teams of two of the most widely used internal and external vulnerability assessment and penetration testing applications
Test Positive. Skoda Minotti’s effective methodologies are time-tested and accommodate external and application testing requirements. Our enterprise-class vulnerability assessment tool follows key guidelines developed by OWASP, WASC, CLASP and MSDN. We serve many industries and associated providers, including:
- Software as a Service (SaaS)
- Payment gateways
- ACH processors
- Service providers
- Application service providers (ASPs)
- Managed service providers
Guarded Exploitation Guides Security
Skoda Minotti’s External Network and Web Application Penetration Assessment simulates real-world attacks to identify vulnerabilities and threats to the network infrastructure. Our assessments begin by building a baseline using Nexpose, Core Impace, and publicly available tools and utilities. We build a baseline profile of accessible services, ports and systems as targets for further internal or external penetration testing. In-depth analysis includes:
- Network devices – firewalls, routers and switches
- Network services – web, DNS, email, FTP, etc.
Why Skoda Minotti Risk Advisory Services?
We’re a full-service advisory firm with niche practice experience—and we are easy to work with. Our creative and talented consultants are committed to implementing the latest technology to build efficiencies. With more than 30 years of proven history in our field, we bring time-tested solutions and the latest innovations to your company. We also engage auditors with certifications such as CISSP, CISA, CISM, QSA and CIA, in addition to our on-site CPAs, in order to complete your company’s audit.
- Proven customer service
- High-quality deliverables
- Driven to meet project deadlines and expectations
- Reasonable pricing