Pentest

usd pentests involve much more than just automated security scans. During these tests, our security specialist assumes the role of a hacker – however, on a legal basis. Our expert utilizes professional tools to obtain information and also tries to penetrate a company's IT systems using a targeted, individual and creative approach. This simulated hacker attack provides high-quality results that we summarize for you in a report that includes specific suggestions for improvement.

We offer pentests in the following areas:
• Web Application
• IT System (external and internal)
• Mobile Application
• Desktop Application
• Wireless LAN
• Product Test (Software)

Our Procedural Approach

Kick-Off
The pentest is prepared at a kick-off meeting with the responsible technical and organizational specialists of your company. In this meeting, we specify the IT systems to be tested, coordinate necessary user accounts and access channels, define contact partners and escalation channels and discuss the test procedure in detail.

Information Gathering
During this phase, we gather information about the IT systems specified in the kick-off meeting. In addition to a port scan, we also perform a vulnerability scan. In this step, we will not yet exploit vulnerabilities that we've identified. This phase helps to prepare our security experts for the active penetration attempts to be performed in the exploitation phase.
Manual Research
The information gathered during the previous phase is examined as to its relevance. Our security experts compare existing data and evaluate it regarding its consistency. In this way, potential vulnerabilities are identified.

Exploitation
In this phase, we attempt to exploit the identified vulnerabilities to actively obtain access to the target systems and to stored data. Depending on the specific service or the technical environment, our security team either writes new exploits or uses existing ones. Potential vulnerabilities might turn out to be false positives in this process. Only verified vulnerabilities are included in the final report and classified according to their criticality.

Report
You will receive a comprehensive report consisting of an Executive Summary and a Technical Report. This report evaluates the criticality of the findings and the risks of occurrence. It also includes recommendations for corrective action.

Remediation
In this phase, employees of your company eliminate identified deviations and vulnerabilities. Experienced usd consultants will support you, as needed.

Optional Verification
You may opt for a verification provided by us after your remediation is completed. We will verify the effectiveness of your corrective action and adjust the result report accordingly.
Your Personalized Certificate
Our evaluation of your scan result is based on the international security standard of the payment card industry (PCI DSS). With your scan result you comply with PCI DSS requirements and we're happy to confirm this by issuing you with a personalized certificate. This enables you to demonstrate to third parties just how seriously you take security.
Security Certificate
We hereby certify that
Max Mustermann GmbH
Street House Number Zip Code City Germany
successfully passed the [Security check] of
[short description, objective of the check]
on [date of the check]
No critical, security-relevant vulnerabilities were identified according to the requirements of the internationally recognized security standards of the payment card industry (PCI DSS). The detailed results of the test object concerned can be found in report number [XXX].
The certificate issued applies to the test objects considered and confirms the circumstances given at the time of the security check. We recommend repeating the check [on a quarterly basis] or subsequent to relevant changes.
As an auditor (QSA) and Approved Scanning Vendor (ASV) officially accredited by the PCI Security Standards Council, usd AG provides consulting services to and certifies companies Europe-wide according to the international security standard for the payment card industry (PCI DSS, PCI PA-DSS).
Place, date: Neu-Isenburg, XX.XX.XXXX
usd AG, Manfred Tubach, CEO
usd AG, Christian Frei, Head of usd Security Analysis & Pentests, by proxy
Please contact us with any questions or queries.
Phone: +49 6102 8631-190 | E-mail: [email protected]
usd AG, Frankfurter Straße 233, Haus C1, 63263 Neu-Isenburg, Germany
www.usd.de
This product sheet will be valid until a new version is released. Product sheet creation date: 19/04/2017