Upload
arslan-awan
View
17
Download
0
Embed Size (px)
Citation preview
White Hat SolutionEXPOSE AND RESOLVE THE SECURITY RISKS
www.whitehatsolution.com
Our mission• We at White Hat Solution provide actionable intelligence to
uncover major and minor security issues with the potential to negatively affect your corporate environments.• Our team provides automated and manual vulnerability test
to identify risks and allow you to take action to mitigate and eliminate threats.
www.whitehatsolution.com
Our Services• Penetration Testing.• Vulnerability Assessment.• Software code testing.• User Awareness.
www.whitehatsolution.com
Scope • Initial planning of the audit.• External Scanning/ Footprint.• Internal Scanning.• Vulnerability Assessment.• Metasploit basics.• Post Audit reporting.
www.whitehatsolution.com
What we look for? • Backdoors in Operating System• Unintentional flaws in the design of the software code.• Improper software configuration management
implementation.• Using the actual software application in a way it was not
intended to be used.
www.whitehatsolution.com
What we target?• We target the following endpoints:• Servers• Network endpoints• Wireless networks• Network Security Devices (Routers, Firewalls, Network Intrusion
devices, etc)• Mobile and wireless devices.• Software applications
www.whitehatsolution.com
Penetration Test• It is an information security assessment. • The purpose of Pen Test is to measure the security posture of
information systems, software, networks and human resources. • Pen Test involves actual interaction with the above
mentioned elements.
www.whitehatsolution.com
Purpose of Pen Test• It is designed to answer the following question:• What is the real-world effectiveness of my existing security controls
against an active, human, skilled attacker?• Identifying higher-risk vulnerabilities that result from a combination of
lower-risk vulnerabilities exploited in a particular sequence.• Identifying vulnerabilities that may be difficult or impossible to detect
with automated network or application vulnerabilities scanning software.
www.whitehatsolution.com
Pen Test Strategies• Targeted Testing• External and Internal Testing• Blind testing• Double Blind testing
www.whitehatsolution.com
www.whitehatsolution.com
Types of Pen Test
• Black Box testing.• White Box testing• Gray Box testing.
Black Box Testing
• In this test we do have information about internal working of the particular Web Application or its source code and software architecture. In this scenario we use brute-force attack against IT infrastructure.
www.whitehatsolution.com
www.whitehatsolution.com
White Box Testing
• This is also known as “Clear Box Testing”, during this test we have full knowledge and access to both the source code and software architecture of the Web Application.
www.whitehatsolution.com
Gray Box Testing
• During this test we have partial knowledge of internal workings. This is restricted to just getting access to the software code and system architecture diagrams.
Vulnerability Assessment
• It is a process of identifying and quantifying security vulnerabilities in an environment.
www.whitehatsolution.com
Steps we take for VA
• Catalogue assets and resources in a system.• Assign quantifiable value and importance to the resources.• Identify the security vulnerabilities or potential threats to
each resource.• Mitigate or eliminate the most serious vulnerabilities for the
most valuable resources.
www.whitehatsolution.com
www.whitehatsolution.com
Conclusion
• We are a team of Certified Penetration Test, Network Forensics and Ethical Hackers. • After we have performed Pen Test and/or VA, we provide a full
audit report with recommendations on how to improve IT infrastructure to ensure no unauthorized access occurs.