Penetration test services
An adequate level of technical and technological security across all information systems and individual applications is a necessary condition for the information security of the entire organization. Penetration tests and audits are an appropriate tool for verifying the organization’s technical security, the settings of the affected processes and other components.
Thanks to its long-term experience, Cleverlance (and its AEC division) offers the following services:
External penetration tests
A detailed security audit of all components of the company’s computer network that are accessible from the Internet. This is done from the perspective of a hacker who only has publicly available information at his disposal or knows the range of the targeted IP addresses.
Internal penetration tests
A detailed security audit of select components and systems within the organization from the perspective of an internal user or external hacker who has already gained access to the internal network by, for instance, installing malware.
Penetration tests of web applications
Security audits of web applications and web services running over HTTP/S. In addition to the necessary automated tests, manual testing is conducted that covers, for instance, the complex communication links of Web 2.0 technology, the application framework in use and the application’s business logic.
Wi-Fi penetration tests
A comprehensive audit of the wireless network design and the security level of its individual components and related systems. It includes, among other things, penetration and wiretapping attempts, interference measurement, detection of unauthorised APs and analysis of network throughput.
Mobile device penetration tests
A detailed analysis of the architecture design for mobile communication within a company and outside it. Assessing the security level of various mobile devices in relation to their users and the company’s other assets.
VoIP penetration tests
Audits of systems for voice communication over a computer network. In addition to the regular tests of network equipment, the audit covers the specifics of the communication service that affect the confidentiality, availability and integrity of transmitted information.
Penetration tests of supervisory and control systems (SCADA)
Tests of computer networks connected to components for the management and monitoring of industrial technology. This audit reveals in particular the weak points in the architecture design and the security of the individual components of a supervisory and control system that can result in operation failures and hence financial losses.
Other services offered as a supplement to the penetration tests
DoS (Denial of Service) testing
Testing the resistance of a system to attacks aimed at denying services provided by the system.
Hacking training
Training for customer administrators in the methods and tools used by hackers. The benefit is a better grasp of how hackers think and how they attack, so that this knowledge can be applied to increase the security level of the systems they administer.
Audits based on defined methodologies
Tests and audits of systems derived from compliance requirements with a defined methodology, such as PCI-DSS and SOX, among others.

Methodology of penetration tests
In security projects that involve penetration tests and security tests of web applications, we use the comprehensive and constantly updated methodology of AEC (a Cleverlance division). It is derived from the methodologies and recommendations of leading organizations dealing with IT security:
- Recommendations of OWASP (Open Web Application Security Project) geared toward helping organizations identify security threats of web applications.
- OSSTMM (Open Source Security Testing Methodology Manual) standard – a methodology for security testing.
- Recommendations of the IETF (Internet Engineering Task Force) – the organization issuing RFCs, called Internet standards.
- NIST recommendations (e.g. NIST SP 800-44 Guidelines on Securing Public Web Servers).
- CVE – Common Vulnerabilities and Exposures – a standardized glossary.
- Common Criteria (ISO/IEC 15408) – the standard for assessing the security level of systems, among other things.
More information on detecting harmful behaviour in the network can be found on the website of AEC (a Cleverlance division).