Penetration Tests

 

In a penetration test we simulate the strategic and technical actions of a real-world hacker (Ethical Hacking) with the goal of gaining unauthorized access to systems, applications and sensitive information.

 

In contrast to classic security audits, which only cover the identification and documentation of specific vulnerabilities, the penetration test focuses on (ab)using the weaknesses found (Proof of Vulnerability). The advantage of this approach is the immediate verification of vulnerabilities and the elimination of "false positives".
A penetration test involves the careful use of automated tools as well as manual testing, in order to evaluate the level of security from an internal as well as an external point of view.
Penetration tests can target different areas:

 

  • Web Application Tests
  • Client and Server Systems
  • Network Components
  • WLAN, Bluetooth, RFID

Social Engineering


Social Engineering is a special kind of penetration test. It is a technique which is based on the manipulation of individuals (e.g. pretending to be a "trusted" person) in order to gain access to confidential information.

 

Especially in combination with technical attacks, this kind of penetration test has turned out to be very efficient.

Examples:

  • Infiltration by Trojans, which are delivered as email attachments or on "lost" USB sticks
  • Bypassing physical access controls
  • Collecting confidential information from printers or even containers (Dumpster Diving)
  • ...

Social Engineering tests are also recommended in conjunction with awareness training.