Wolfpack Penetration Tests
How safe is your system, really?
Cybercrime is on the rise, and in the coming years the number of digital attacks will only keep increasing. Criminals, spies, and activists use vulnerable spots in hardware and software to get their hands on important information or money. This could also happen to your IT infrastructure.
It is important to regularly check whether your infrastructure’s security is still optimal and up to date. New vulnerabilities in existing hardware and software are found on a daily basis, and can be used for digital break-ins or misuse of your system. These vulnerabilities can be anywhere: in your website(s), but also in your internal network or your proprietary applications.
Our penetration test gives insight into the defensibility of your digital infrastructure. After our test, we prepare an extensive report detailing any vulnerabilities we find. The wolves who execute this test are academically educated specialists with a rich background in the field of Information Security Technology.
Man in the Middle
When a secure (SSL) connection has not been fully implemented, your system becomes vulnerable to a ‘man in the middle’ attack, which allows attackers to ‘eavesdrop’ on communication and get hold of sensitive user information. Apps are especially vulnerable to these kinds of attacks due to their ‘client-server’ architecture.
Two Factor Authentication
Two-factor authentication (TFA) is used more and more, and is sometimes even made obligatory, for example when sending sensitive personal data (such as medical information) across your network. In those cases, supplementary legal stipulations apply and additional levels of security like TFA are required. Transfer of medical data, for instance, is subject to the medical sector’s information security standard, which mandates TFA. Indeed, most apps do feature this type of authentication, but again, the implementation might not be appropriate, allowing the safety measure to be circumvented.
‘Man in the middle’ attacks are also possible when a Facebook login has not been implemented properly. After Facebook has finished checking the newly entered data, it communicates this data to the server together with an email address. This communication can be intercepted, which allows attackers to change the email address before forwarding the data to the server. This way, they can log into an account without needing its connected password.
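The server-side check that closes the gap described above, as an added example that is not Wolfpack's code or Facebook's API: the login provider is modelled as issuing an HMAC-signed assertion under a shared secret (an assumption, as are all names and sample values here), and the hardened handler takes the email address only from the verified assertion, never from the field relayed by the client.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

APP_SECRET = b"constructed-app-secret"  # constructed; known to provider and server only

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def provider_issue(email: str) -> str:
    """Hypothetical stand-in for the login provider: signs the identity it checked."""
    payload = json.dumps({"email": email}).encode()
    sig = hmac.new(APP_SECRET, payload, hashlib.sha256).digest()
    return f"{_b64(sig)}.{_b64(payload)}"

def login_vulnerable(message: dict) -> str:
    """Flawed handler: trusts the email field that travelled with the login result."""
    return message["email"]

def login_hardened(message: dict) -> Optional[str]:
    """Derives the identity only from an assertion whose signature verifies."""
    try:
        sig_part, payload_part = message["assertion"].split(".")
        sig, payload = _unb64(sig_part), _unb64(payload_part)
    except (KeyError, ValueError):
        return None  # missing or malformed assertion
    expected = hmac.new(APP_SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # payload was altered after signing
    return json.loads(payload)["email"]

# Constructed sample messages (not captured traffic).
GENUINE = {"email": "alice@example.com",
           "assertion": provider_issue("alice@example.com")}
# The relayed email field was changed in transit; the assertion is untouched.
TAMPERED = dict(GENUINE, email="victim@example.com")
# The assertion payload itself was swapped while keeping the old signature.
FORGED = {"email": "victim@example.com",
          "assertion": GENUINE["assertion"].split(".")[0] + "."
                       + _b64(json.dumps({"email": "victim@example.com"}).encode())}

if __name__ == "__main__":
    for name, msg in (("genuine", GENUINE), ("tampered", TAMPERED), ("forged", FORGED)):
        print(name, "| vulnerable:", login_vulnerable(msg), "| hardened:", login_hardened(msg))
```
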
What does it entail?
Overall, we offer two types of penetration tests: an entry-level test, which examines the ten most critical security risks, and an expert-level test, which builds on this and adds a detailed analysis. Besides these two standard tests, it’s always possible to request a custom test tailored to your system or app.
Penetration Test - Entry Level
|Description||Tests if your web application is protected against the ten most critical web application security risks.|
|Why||Find core issues and make recommendations in relation to SSL, HTTP, and other front-facing configurations. Reduce risks for common HTTP and SSL attacks and defacing, as well as for XSS and other OWASP-specific attacks.|
Detailed list with recommendations
|Recommended frequency||Twice yearly|
Penetration Test - Expert Level
|Description||Analyses a number of extra vulnerabilities on top of the entry-level penetration test, using Kali Linux tools, which are custom-built to penetrate any system.|
|Technology||OWASP, Kali Linux tools|
|Why||Gain detailed insight into vulnerabilities beyond the entry-level test. On request, we can devise a security check-plan that focuses on your core business. Our security experts are experienced in using a wide range of Kali Linux tools.|
|Result||Test report (incl. Kali Linux); detailed list with recommendations|
|Recommended frequency||Once yearly|
We are located on the campus of the Technical University Eindhoven, the centre of information security. To offer the most exhaustive test possible, we exclusively work with academically educated specialists with a rich background in Information Technology.
At Wolfpack we take things one step further. We present you with a complete overview of where and how we managed to break into your infrastructure, as well as what we would have been able to do to your systems. We show you the havoc an actual hacker would be able to wreak. This allows you to understand the impact a digital break-in might have. Showing trumps telling.
How do we operate?
We always work closely with our clients to make sure we achieve the best results while putting as little pressure as possible on the day-to-day management of your company. Typically, we move through the following four steps:
We discuss the possibilities and come to a tailored solution for your company.
Based on your company’s tailored solution we prepare a price quote.
In collaboration with you we prepare the activities, after which our security team executes the necessary tests.
We deliver a detailed report with recommendations for your system.
Of course, this process will always be tailored to your needs.
Want to know more?
Are you interested or do you have any questions? Please feel free to contact us!