Home
 
 

Penetration Testing

Penetration Testing is a process of identifying technical vulnerabilities in computer and networks. It is an in-depth evaluation identifying weaknesses as well as providing appropriate mitigation procedures required to either eliminate or reduce them to an acceptable risk level.

The ITPSS Penetration Testing team will simulate an attack from a malicious source to help identify any potential risks or threats to an organisation's Confidentiality, Integrity and Availability that may be found via the testing.

ITPSS' Penetration Testing method complies with the Institue for Security and Open Methodologies (ISECOM). All testing are based on the Open Source Security Testing Methodology Manual (OSSTMM).

Types of Penetration Testing:

Network Penetration Testing
This simulates attacks on the network side of an organisation's infrastructure.
The test includes finding out if it is possible to gain access to certain secure network services or even gain control of those services within the network.

Web Penetration Testing
This simulates attacks on an organisation's web infrastructure. The test includes finding out if it is possible to gain access to restricted web privileges or even take control of secured web services and manipulate data stored in a secure database.

Wireless Penetration Testing
This simulates attacks on an orgranisation's wireless infrastructure. The test includes finding out if it is possible to gain access to secured wireless acess points or even take control of the wireless infrastruture completely

Penetration Testing Approach:

Black Box Testing
This test simulates a real world malicious attacker scenario whereby no prior information or knowledge of the test infrastructure to be tested is provided by the customer.

White Box Testing
This simulates an attack from a person with knowledge about the infrastructure. The customer will provide information about the testing environment beforehand.

After every penetration test, a final report which includes an executive security review is provided for high level management, and a more technical detail report will be presented along with a summary presentation of all the findings discovered during the test.

  


 
 
 
 


 
Copyright © 2011 Information Technology Protective Security Services Sdn. Bhd. All rights reserved.