Services - Red Offering
Vulnerability Assessment & Penetration Test
Vulnerability Assessment and Penetration Test
are fundamental to measure a company’s security posture and to
identify most of the potential risks in time.
SKIT Security Assessment aims to:
- reveal any possible flaws in the systems/targets
- understand the real impact and damage for the company
- define the correct countermeasures.
Methodology
This approach reduces false positives and ensures that automatic scans are always augmented by a highly skilled human factor.
Our security experts use
globally recognized penetration testing standards, as well
as own proprietary methodologies, among the main ones:
- PTES (Penetration Testing Execution Standard)
- OSTTMM (Open Source Security Tester Methodology Manual)
- OWASP (Open Web Application Security Project)
Network Penetration Test
We identify and classify
vulnerabilities of a system or a network that, if exploited, could
allow unauthorized access to Company’s sensitive data or even
take-over systems for malicious/non-business purposes.
Web Application Penetration Test
We evaluate the security of web sites and application services to
reveal the exposure to both internal (e.g.: malicious employees) and
external attackers (e.g. malicious users and anonymous attackers).
Mobile Penetration Test
We provides a
security posture’s review of a mobile application (both Android and
iOS platform) to be aware of how a real hacker penetrates and
retrieves confidential data. Similar to the Web Application assessment
in workflow, we add the validation of authentication, session
management, access control, malicious input handling, cryptography at
rest, and much more.
Wireless Penetration Test
We
check for vulnerabilities inherent to common authentication and
encryption protocols such as WEP, WPA and 802.1x to obtain any
unauthorized wireless access. Checks will also be carried out to
identify unauthorized rogue Access Points.
IoT Penetration Test
We check for
vulnerabilities inherent to common authentication and encryption
protocols such as WEP, WPA and 802.1x to obtain any unauthorized
wireless access. Checks will also be carried out to identify
unauthorized rogue Access Points.
- Authentication/Authorization process
- Network Services analysis
- Encryption strength
- Mobile Interface
- Software/Firmware security analysis
OT Penetration Test
Nowadays, SCADA/DCS environments
have become IP enabled and interfaced to IP gateways, with
consequent cyber risks also to these environments.
The first stage of the test is to understand the technologies in use, which can vary significantly, from old proprietary solutions to more modern web-based interfaces, with or without additional authentication solutions (embedded web gui interface, 104, modbus, etc.).
Once the solution is understood, we evaluate the potential attack vectors, develop an appropriate test plan and proceed testing. This is all conducted with particular attention of not interfering to the availability and integrity of the process (both through active analyses, where possible, and passive).
The first stage of the test is to understand the technologies in use, which can vary significantly, from old proprietary solutions to more modern web-based interfaces, with or without additional authentication solutions (embedded web gui interface, 104, modbus, etc.).
Once the solution is understood, we evaluate the potential attack vectors, develop an appropriate test plan and proceed testing. This is all conducted with particular attention of not interfering to the availability and integrity of the process (both through active analyses, where possible, and passive).