Practically gauge the efficacy of security controls, employing an adversarial perspective by simulating an attack.
Network penetration testing can be performed from an internal or external perspective. External testing focuses on Internet-facing and perimeter zones, while internal testing focuses on the customer’s internal networks. A penetration test, or adversarial threat simulation, takes the data gathered during a vulnerability assessment and uses it to further demonstrate the real-world effects of system vulnerabilities. An attacker’s perspective is employed, and vulnerabilities are exploited or otherwise utilized to show the genuine risk to an organization that the findings represent. These types of tests help gauge the effectiveness of the security controls and systems that are in place, and present a clear picture of an organization’s security posture. They also help organizations identify key areas in their security program that require enhancement, refinement, or reconfiguration. A penetration test is also frequently an effective way to test network monitoring and incident response, based on whether the organization is able to identify and successfully respond to the threats presented. A report is produced showing all findings based on the attack chains successfully utilized during testing.
Web application security testing, or Dynamic Application Testing, is a hybrid approach that combines automated and skilled manual analysis of built and hosted applications. Once a complete understanding of both the scope and architecture of the target application(s) has been obtained, automated tools are carefully configured and monitored in an effort to comprehensively test the enabled security controls meant to protect the application’s exposed user interface. Following automated analysis, targeted manual attack techniques are employed to validate the automated results and effectively evaluate the “real-world” impact of discovered vulnerabilities through proof-of-concept demonstrations.
The Rotas team uses several techniques to test the security of wireless access points and traffic across a customer’s network. “War-walking” is used to identify and map authorized or rogue wireless local area network (WLAN) access points and devices, and to capture wireless traffic. Wireless traffic is analyzed to validate compliance with a customer’s organizational wireless policy with regard to service set identifiers (SSIDs), encryption, authentication and authorization. Wireless penetration testing of the WLAN is conducted in an attempt to gain unauthorized access to the WLAN or wireless clients. The encryption, authentication, and authorization technology configured within access points is assessed during the testing. The wireless client authentication and authorization process is also tested for weaknesses.
Physical penetration testing is meant to gauge facilities’ resilience to unauthorized access. Non-destructive entry (NDE) testing is employed, and the efficacy of physical perimeter security controls is assessed. The goal of this type of assessment is to gain physical access to systems and data by bypassing or otherwise circumventing traditional physical security measures. Activities include lockpicking, badge system cloning, tailgating, or otherwise finding a means to safely enter facilities without raising alarm or engaging personnel.