Cyber Security Testing

Penetration tests evaluate the security of an IT system by simulating attacks, by exploiting existing and known vulnerabilities in a way similar with the attempts of an attacker, with the difference that they will be carried out in an ethical way, with the permission of the beneficiary.

A complete penetration test will include both automated and manual tests. Manual tests will identify programming errors and analyze and confirm or deny automated test results.

Penetration testing takes place in three main approaches: black box, gray box and white box:

1. Black box – in this situation the testing team will not know any information about the tested systems, except for the access information of the applications (web pages, IP addresses). This infrastructure will be used for external testing of the beneficiary.
2. Gray Box - in this situation the test team will not know information about the systems under test, but will have a user account at a workstation with certain roles. This hybrid approach is the most common form of penetration testing because the tester can simulate a systematic attack without needing to know every detail of the target systems.
3. White box – in this situation the test team will have access to any information about the systems, including source code or administrative privileges. This method allows for thorough testing, allowing security issues to be discovered faster and in greater numbers.

Our team uses specific equipment and applications and has strong experience in performing network level penetration testing including wireless, operating systems, databases and applications including web, mobile, client/server, cloud services, computer attacks simulating malicious applications and degradation/disruption of service (DoS, DDoS). Safetech has work procedures in accordance with the industry good practices, which reduce the risk of affecting the target IT systems.

Safetech Innovations uses a four-step approach to perform code review:

• Identifying the objectives of the code review - In this step we investigate the application architecture and the technology used, to find the key security specifications and threats. Based on these, we develop a document that describes the objectives of the code review. This includes a set of specific technologies and vulnerabilities to be reviewed by our experts.
• Performing a preliminary scan - In the second step we use, if possible, a static analysis scanner to uncover an initial set of code-level issues that might require a detailed manual check. Scanning involves a combination of static analysis and manual verification methods to identify vulnerabilities within the code - areas where the probability of having security breaches is above average.
• Performing a detailed inspection - Next, we move on to manually checking the code to identify defects that are difficult to discover using static analysis tools.
• Reporting results - The final stage of verification involves analyzing the problems caused by the application architecture. Finally, we document the problems identified and make recommendations for remediation.

Social engineering covers the human element of security, where assessors will attempt to access sensitive information by manipulating human psychology. Our team will determine how vulnerable are the beneficiary's employees to a potential social engineering attack and how likely they are to violate the rules and/or procedures of the company.

The phishing social engineering services offered by our company are designed to mimic attacks that malicious individuals might perform to obtain confidential information from your organization. Phishing is when a third party sends communications, most commonly via e-mail, from an apparently legitimate source - for example, impersonating an executive, colleague or service provider.

The proposed services are completed with the delivery of a full report of the findings and recommendations to mitigate the identified risks, which includes the number of messages sent, recipients, number of messages opened, number of completed forms. The report will include comparative statistics of the results obtained, compared to other campaigns carried out by Safetech Innovations, in order to have a real reference from the industry.