Internal Infrastructure, Computer Networks, Wireless Networks

Infrastructure testing is a penetration test that focuses on assessing the vulnerabilities of computer systems, network devices and IP address ranges to identify vulnerabilities that could be exploited. Testing should be conducted both from outside the organisation and from within the organisation.

Infrastructure testing can also be used to test whether the organisation is complying with security policies and how effectively it can respond to security threats. 

Testing can also provide assurance that the systems and security controls being tested have been configured in accordance with security best practices and that there are no vulnerabilities in the target system at the time of testing. If any vulnerabilities are found, they need to be addressed before an attack or security breach occurs.

Computer and wireless networks

In a penetration test of computer and wireless networks, the penetration tester examines the network environment for security vulnerabilities. Network penetration tests can be further divided into two categories, namely external tests and internal tests. 

In computer and wireless network penetration testing, we focus on the following areas:

  • firewall configuration;
  • firewall bypass testing;
  • stateful inspection analysis;
  • deception of the intrusion prevention system;
  • DNS level attacks.

Types of penetration testing

  • Internal penetration testing

Internal penetration testing or vulnerability assessment. Performed by connecting to your internal network and assessing internal network devices or IP address ranges for vulnerabilities.

  • External penetration testing

External penetration testing and vulnerability assessment. Typically performed remotely and assesses external security services exposed to the internet.

Inclusion of penetration testing into your security program has several key benefits:

  • It helps meet regulatory requirements and security policies. Penetration testing is explicitly required in some industries and conducting penetration testing helps to meet this requirement and evaluate existing security policies for potential vulnerabilities.
  • It helps you evaluate your infrastructure. Infrastructure such as firewalls and DNS servers are publicly available. Any changes made to the infrastructure may leave the system vulnerable. Penetration testing helps identify real attacks that could be successful in accessing these systems.
  • It identifies vulnerabilities. Penetration testing of web applications will reveal gaps in applications or vulnerable routes in infrastructure before an attacker can.

Penetration testing - other services

Penetration testing of web applications is a simulation of attacks on a system to gain access to sensitive data and determine whether the application is secure.

The goal of web application penetration testing is to detect security vulnerabilities resulting from insecure development practices in the design, coding and publishing of software or websites.

A web application penetration test typically includes:

  • User authentication testing to verify that accounts cannot compromise data;
  • Assessment of web applications for flaws and vulnerabilities such as cross-site scripting (XSS);
  • Assessing the secure configuration of web browsers and identifying features that may cause vulnerabilities;
  • Web server and database server security assessment.

Mobile application penetration testing tests mobile applications/software/mobile operating systems for security vulnerabilities using manual or automated application analysis techniques.

These techniques are used to identify security vulnerabilities that may be present in a mobile application. The purpose of penetration testing is to ensure that the mobile application is not vulnerable to attacks.

Mobile application penetration testing is an important part of the overall assessment process. Mobile app security is becoming a critical element of any company's security. Data is also stored locally on the mobile device. Data encryption and authentication are critical security issues for organisations that have mobile applications. Mobile apps are the most lucrative target for hackers. This is because mobile apps are used by almost everyone on the planet.

Static application testing is a frequently used application security tool that scans the source, binary or byte code of an application.

It is a white-box testing tool that identifies the root cause of vulnerabilities and helps to eliminate basic security flaws. Static testing solutions analyse an application from the inside out and do not need a running system to perform the scan.

Static testing reduces security risks in applications by providing developers with immediate feedback on issues introduced into the code during development. It helps educate developers about security as they work and gives them real-time access to recommendations and line-by-line code navigation, enabling faster vulnerability discovery and joint auditing. This allows developers to produce more code that is less susceptible to compromise, leading to a more secure application.

Dynamic security testing is the process of analysing an application through the front-end to find vulnerabilities using simulated attacks. This type of approach tests the application "from the outside" by attacking the application in the same way a malicious user would. 

After the scanner performs these attacks, it looks for results that are not part of the expected result set and identifies security vulnerabilities.

Dynamic application testing is important because developers don't have to rely solely on their own knowledge to create applications. By performing dynamic testing during development, you can catch vulnerabilities in your application before it is deployed to the public. If these vulnerabilities are not addressed and the app is deployed in this way, it can lead to data leakage, which can result in large financial losses and damage to your brand reputation. At some point in the software development lifecycle, human error will inevitably play a role, and the earlier a vulnerability is caught during development, the cheaper it is to fix.

Main contacts

Related insights