Penetration Testing for Everything Digital System
External Network Security Tests
DNS
. Determining the DNS Server
. Zone Transfer Tests
. Reading records with DNS Bruteforce
. DNS Subdomain Detection
. DNS Cache poisoning tests
Detection of Institutional IP Blocks
Detection of Institution Whois Information
D. Email Tests
. Email Header Analysis
. Fake Email Access tests
. E-Mail Server Vulnerability tests
. Email account password tests
. Email Server Malware tests
. SMTP Relay Tests
. Blacklist Controls
E. Mapping of Open Systems to the Internet
. Identifying services open to the Internet
. Tests for Weaknesses of Services
. Password tests to services
. Tests for the weaknesses of services
Detection of the Employees of the Institution
G. Corporate Website Information Gathering
. Email Header Analysis
. Fake Email Access tests
. E-Mail Server Vulnerability tests
. Email account password tests
. Email Server Malware tests
Physical Security Tests
. Server room
. Working places
. Network infrastructure
Social Engineering Tests
. Computer based social engineering tests
. Human-based social engineering tests
. Application of phishing methods and detailed reporting
I. Wireless Network Penetration Tests
. SSID Detection
. Detecting Encryption Types
. Detecting clients connected to the Wireless Network
. Wireless Network Listening tests
. Password tests against WEP Encryption
. Password tests against WPA & WPA2 Encryption
. Password tests against WPA Enterprise Encryption
. Password tests against 802.1x Encryption
. WPS Service tests
. Fake Access point tests
. Wireless Distortion tests
. Password security tests with corporate services
J. Tests of Open Systems Against DOS Attacks
. SYN Attack
. ICMP DOS Attack
. HTTP DOS Attack – GET, POST
. DNS Dos Attack
. UDP Dos Attack
. Smurf Attack
. DNS Elevated Attacks
. Web Application Load Tests
K. Web Software Tests
. Data entry controls
. Output controls
. Performing authentication tests
. Session management and authorization tests
. Cross-site scripting (XSS) tests
. SQL injection tests
. Command injection tests
. Performing error management tests
. CSRF Tests
. WAF Detection
. WAF Jump tests
Internal Network Security Tests
Detecting the Systems in the Network
. Network mapping.
. Identifying operating systems in the network.
. The roles of the detected systems and devices.
. Detection of open ports on active systems.
. Detection of services running on open ports found.
Vulnerability Scan
. Testing the detected services and systems against weaknesses
. Unauthorized access to the system using the detected weaknesses
C. Testing IDS, IPS, Firewall, Content Filtering & Similar Security Applications.
. Detection of authorized network traffic
. Filtering bypass tests
. Controls of guest access policies
D. Control of Internet Access Security Within Institutional Security Policies.
E. Control of Anti Virus & Anti Spam Software
F. Network Listening & Password Security Tests
. Harp Poisoning tests
. Network Protocol usage analysis
. Separating important data from network traffic
. Session stealing tests
Password Policy Controls
Screen Crash Policy Controls
End User Tests
. Power Up Tests
. Usb and CD Usage Policy
. Boot controls
. Filtering bypass tests
. Usage areas password detection
I. File Access & Controls
. Unauthorized access controls
J. Database Server Tests
. Database access password attempts
. Unauthorized access tests
. Myssql
. Mssql
. Oracle
. Sybase
. IBM Db2
In addition, the following checks are made:
DDOS, TCP SYN flood attack, Teardrop, Smurf, Ping of death, Botnets, MitM, Session hijacking, Ip Spoofing, Replay, Phishing and spear phishing, Drive-by, Password, SQL injection , Cross-site scripting(XSS), Eavesdropping, Malware attack, File infectors, System or boot-record infectors, Polymorphic, Trojans, Logic bombs, Droppers
The completion time of your tests is a minimum of 7 days