White Hat SolutionEXPOSE AND RESOLVE THE SECURITY RISKS

www.whitehatsolution.com

Our mission• We at White Hat Solution provide actionable intelligence to

uncover major and minor security issues with the potential to negatively affect your corporate environments.• Our team provides automated and manual vulnerability test

to identify risks and allow you to take action to mitigate and eliminate threats.

www.whitehatsolution.com

Our Services• Penetration Testing.• Vulnerability Assessment.• Software code testing.• User Awareness.

www.whitehatsolution.com

Scope • Initial planning of the audit.• External Scanning/ Footprint.• Internal Scanning.• Vulnerability Assessment.• Metasploit basics.• Post Audit reporting.

www.whitehatsolution.com

What we look for? • Backdoors in Operating System• Unintentional flaws in the design of the software code.• Improper software configuration management

implementation.• Using the actual software application in a way it was not

intended to be used.

www.whitehatsolution.com

What we target?• We target the following endpoints:• Servers• Network endpoints• Wireless networks• Network Security Devices (Routers, Firewalls, Network Intrusion

devices, etc)• Mobile and wireless devices.• Software applications

www.whitehatsolution.com

Penetration Test• It is an information security assessment. • The purpose of Pen Test is to measure the security posture of

information systems, software, networks and human resources. • Pen Test involves actual interaction with the above

mentioned elements.

www.whitehatsolution.com

Purpose of Pen Test• It is designed to answer the following question:• What is the real-world effectiveness of my existing security controls

against an active, human, skilled attacker?• Identifying higher-risk vulnerabilities that result from a combination of

lower-risk vulnerabilities exploited in a particular sequence.• Identifying vulnerabilities that may be difficult or impossible to detect

with automated network or application vulnerabilities scanning software.

www.whitehatsolution.com

Pen Test Strategies• Targeted Testing• External and Internal Testing• Blind testing• Double Blind testing

www.whitehatsolution.com

www.whitehatsolution.com

Types of Pen Test

• Black Box testing.• White Box testing• Gray Box testing.

Black Box Testing

• In this test we do have information about internal working of the particular Web Application or its source code and software architecture. In this scenario we use brute-force attack against IT infrastructure.

www.whitehatsolution.com

www.whitehatsolution.com

White Box Testing

• This is also known as “Clear Box Testing”, during this test we have full knowledge and access to both the source code and software architecture of the Web Application.

www.whitehatsolution.com

Gray Box Testing

• During this test we have partial knowledge of internal workings. This is restricted to just getting access to the software code and system architecture diagrams.

Vulnerability Assessment

• It is a process of identifying and quantifying security vulnerabilities in an environment.

www.whitehatsolution.com

Steps we take for VA

• Catalogue assets and resources in a system.• Assign quantifiable value and importance to the resources.• Identify the security vulnerabilities or potential threats to

each resource.• Mitigate or eliminate the most serious vulnerabilities for the

most valuable resources.

www.whitehatsolution.com

www.whitehatsolution.com

Conclusion

• We are a team of Certified Penetration Test, Network Forensics and Ethical Hackers. • After we have performed Pen Test and/or VA, we provide a full

audit report with recommendations on how to improve IT infrastructure to ensure no unauthorized access occurs.