Mergen Services


What is a Penetration Test?

Penetration testing is an attack simulation carried out from inside or outside the system to find vulnerabilities and put protections in place before a real attack occurs.

Why Perform Penetration Testing?

  • To keep the company's security skills at a high level
  • To see attacks from outside and put protections in place
  • To protect the investment in the system
  • To prevent information loss that can be caused by security vulnerabilities

Types of Penetration Test

Black Box: testing assumes no prior knowledge of the infrastructure to be tested. (Simulating outside attackers)

White Box: testing provides the testers with complete knowledge of the infrastructure to be tested, often including network diagrams, source code, and IP addressing information. (Simulating employees)

Grey Box: testing analyzes the potential harm to the system from an unauthorized user on the internal network.

Pentest Checklist

External Network Security Tests

A. DNS

  • Determining the DNS Server
  • Zone Transfer Tests
  • Reading records with DNS Bruteforce
  • DNS Subdomain Detection
  • DNS Cache poisoning tests

B. Detection of IP Blocks

C. Detection of Whois Information

D. Email Tests

  • E-Mail Title Analysis
  • Fake E-mail Access tests
  • E-Mail Server Vulnerabilities tests
  • E-mail accounts password tests
  • E-Mail Server Malware testing
  • SMTP Relay Tests
  • Blacklist Controls

E. Mapping of Open Systems

  • Detection of services open to the Internet
  • Testing of weaknesses of services
  • Password tests for services

F. Employee Identification

G. Website Information Gathering

- Physical security tests

  • Server Room
  • Workspaces
  • Network infrastructure

- Social engineering tests

  • Computer based social engineering tests
  • Human-based social engineering testing
  • Phishing methods application and detailed reporting

I. Wireless Network penetration tests

  • SSID Detection
  • Detection of Encryption Types
  • Detecting clients connected to Wireless Network
  • Wireless Network Listening tests
  • Password testing against WEP encryption
  • WPA & WPA2 Cipher tests against encryption
  • WPA Enterprise Cryptographic password testing
  • Password testing against 802.1x encryption
  • WPS Service tests
  • Fake Access Point Tests
  • Wireless Signal Distortion tests
  • Password security tests with corporate services

Tests of Open Systems Against DoS Attacks

  • SYN Attack
  • ICMP DoS Attack
  • HTTP DoS Attack - GET, POST
  • DNS DoS Attack
  • UDP DoS Attack
  • Smurf Attack
  • DNS Elevated Attacks
  • Web Application Installation Tests

K. Web Software Tests

  • Analysis of data entry forms
  • Analysis of data output
  • Performing authentication tests
  • Session management and Authorization tests
  • Cross-site scripting (XSS) tests
  • SQL Injection tests
  • Command Injection tests
  • Error management tests
  • CSRF Tests
  • WAF Detection
  • WAF bypass tests

Internal Network Security Tests

A. Detection of active systems.

  • Network mapping.
  • Determining the operating systems on the network.
  • The roles of detected systems and devices.
  • Detecting open ports.
  • Determining the services on open ports.

B. Detecting Vulnerabilities

  • Testing of vulnerabilities.
  • Unauthorized access to the system using the identified vulnerabilities

C. Testing IDS, IPS, Firewall, Content Filtering & Similar Security Applications.

  • Determination of authorized network traffic
  • Filtration bypass tests
  • Controls for guest access policies

D. Company internet access policies tests.

E. Control of Anti Virus and Anti Spam software.

F. Network sniffing and password security tests.

  • ARP Poisoning tests
  • Network Protocol usage analysis
  • Extracting important data from network traffic
  • Session replay tests

G. Password Policy Controls

H. Display Crash Policy Controls

I. End User Tests

  • Privilege Escalation Tests
  • USB and CD Usage Policy
  • Boot controls
  • Filtering bypass tests
  • Usage areas password detection

I. File Access & Controls

  • Unauthorized access controls

J. Database Server Tests

  • Database access password attempts
  • Unauthorized access tests
  • MySQL
  • MSSQL
  • Oracle
  • Sybase
  • IBM Db2

Penetration Test Standards

Bg-Tek penetration tests are compatible with industry-standard certification programs and standards: CEH, LPT (EC-Council), CISSP (ISC2), CPT (IACRB), PCI, PTES, Tigerscheme, OWASP, ISACA, OSSTMM, CREST.

REF:

https://www.pcisecuritystandards.org/pdfs/pci_scanning_procedures_v1-1.pdf

http://www.pentest-standard.org/

https://www.pcisecuritystandards.org/pdfs/infosupp_11_3_penetration_testing.pdf

https://statik.tse.org.tr/upload/tr/dosya/icerikyonetimi/2224/01042015105039-3.pdf

Penetration Test Reporting

During the test

  • Transactions are reported at the end of working hours on a daily basis
  • Vulnerabilities and exploits
  • Access to unauthorized data and traffic abnormalities

After the test

  • After the penetration test, the vulnerabilities and their solutions are reported.
  • The report includes the determination of security policies and contains suggestions for implementation.

Verification Test

Once the security test has been completed and the report has been submitted, the institution may request a re-verification test, stating that the weaknesses have been closed. In the verification test, the security test is applied again to verify whether the weaknesses listed in the results report are detected again.