Al Shorouk for Penetration Testing
Our pen testing methodologies are based on industry best practices, including the OSSTMM (Open Source Security Testing Methodology Manual), Offensive Security, NIST (National Institute of Standards and Technology) guidelines and ethical hacking methodologies. We use these world-recognized penetration testing methodologies and guidelines, as well as our own methodologies and know-how, to produce repeatable, quality results with minimal risk to your systems during testing.
Our penetration testing consultants share a range of specialist skills and employ both manual techniques and the use of commercial, non-commercial and in-house developed tools to ensure that the test is comprehensive. The skills and tools are continually reviewed and updated to ensure that we offer efficient services against ever-evolving threats.
A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, service and application flaws, improper configurations, or risky end-user behaviour. Such assessments are also useful in validating the efficiency of defensive mechanisms, as well as end-user adherence to security policies.
Pen testing should be performed on a regular basis to ensure more consistent IT and network security management by revealing how newly discovered threats or emerging vulnerabilities may be exploited by attackers. In addition to regularly scheduled analysis and assessments required by regulatory mandates, tests should also be run whenever:
- New network infrastructure or applications are added
- Significant upgrades or modifications are applied to infrastructure or applications
- New office locations are established
- Security patches are applied
- End user policies are applied
Pen Testing Strategies
It is performed by the organization’s IT team and the penetration testing team working together. It’s sometimes referred to as a “lights-turned-on” approach because everyone can see the test being carried out.
This type of pen test targets a company’s externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they’ve gained access.
This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.
A blind test strategy simulates the actions and procedures of a real attacker by severely limiting the information given to the person or team that’s performing the test beforehand. Typically, they may only be given the name of the company. Because this type of test can require a considerable amount of time for reconnaissance, it can be expensive.
Double-blind testing takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization’s security monitoring and incident identification as well as its response procedures.
Web Application Penetration Testing
A web application security test focuses only on evaluating the security of a web application.
The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities. Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution.
Database Penetration Testing
A database penetration test demonstrates whether your database is properly designed, configured and maintained, and conforms to industry and vendor best practice.
Database security may present a tremendous challenge for security operations and management teams who need to ensure adequate security. The ultimate goal of an attacker targeting your organisation is to acquire access to your databases storing critical business information. This is often achieved through an application defect or via direct network access.
ERP (SAP, Oracle) Penetration Testing
A penetration test on ERP (SAP, Oracle) systems helps you locate a wide range of issues to which the system might be vulnerable. Weak ERP security implementation results in business fraud.
Our ERP penetration test gives you an independent, comprehensive view of your currently implemented ERP security measures. It highlights risks and loopholes and proposes mitigation actions:
- Detect exploitable vulnerabilities
- Determine the business impact of successful exploits
- Prioritize remediation efforts
Network Penetration Testing
A network pen test focuses on evaluating the security of a business network, attached devices, network applications or a business website.
The test emulates a real-world attack on an organization’s network. It consists of:
- Network Scanning
Firewall Penetration Testing
FPT determines how secure a firewall is against attacks that are likely to be launched by network intruders.
It is designed to ensure that firewalls are installed and configured in a best practice way and appropriate port security is in place. It is also designed to minimize the risk of intrusion attempts and unauthorized access to internal IT systems.
Intrusion Detection Prevention System Penetration Testing
Check your Intrusion Detection or Protection System in a controlled, repeatable and safe manner, even in production networks.
IDS/IPS offer great benefits, warning and defending against threats, but are frequently complex to configure and test. With the constant increase in threats and attacks, it is critical to confirm that your IDS or IPS is protecting you against those threats.
Router & Switches Penetration Testing
Switches and routers are a favourite target for hackers. If a router is compromised, it will compromise all the network traffic. Router testing is needed to provide a single point of reference for router security assessment and countermeasures for vulnerabilities.
Our Router & Switches Penetration Testing includes:
- Analyzing the configuration
- Testing for any misconfiguration
- Countermeasures for all vulnerabilities found on routers & switches
Wireless Penetration Testing
Wireless networks are an extension of your organization’s infrastructure perimeter and pose additional security risk. Rogue access points, installed by employees on the infrastructure, which do not follow the organization’s security guidelines, can also be used to compromise your organization.
We test to assess the possibilities of breaking into a corporate network via the wireless network.
The test is carried out with specialized equipment and tools in order to ensure complete and accurate results.
E-mail Security Penetration Testing
Mobile Penetration Testing
The growing variation in devices and their different operating systems poses unique challenges for pen tests of mobile applications.
Al Shorouk provides real-time mobile application testing. Simulations of different types of attacks, both general and mobile-specific, and replications of attackers' actions to retrieve classified information are at the core of this pen test. It includes the following:
- Application reverse engineering
- Analysis of crypto applications
- Security of sensitive data
- Authentication & authorization weakness
Data Leakage Penetration Testing
Data leakage is the unauthorized transfer of classified information from a computer or datacenter to the outside world. Data loss prevention is an increasingly important part of any organization’s ability to manage and protect critical and confidential information.
Al Shorouk tests multiple common endpoint scenarios by trying to upload, print, email or otherwise transfer data that should be blocked, quarantined, warned about or simply monitored under the rules and policies we set up.
Cloud Penetration Testing
Cloud-based applications need to be pen tested, as do their on-premises counterparts. However, pen testing applications that run in public clouds comes with some complexities you must deal with, including legal and technical obstacles.
Al Shorouk offers external penetration tests on all your cloud instances, OS configuration tests, web application and network firewall testing, etc.