PENETRATION TESTING SERVICES

More than 10 years of cyber security experience

Penetration Testing Services

  • Network and system penetration testing
  • Web application penetration testing
  • Android, iOS, OS X and Windows client applications penetration testing
  • Platform pentests with more than one component identified above
  • Load testing and DDOS simulations
  • Social engineering tests (with phishing messages, telephone calls and using other vectors)

Network, system and application penetration tests identify the vulnerabilities in those technology layers and help prevent data leakage, data manipulation and denial of service risks.

Social engineering tests targeting the user layer aim to measure and improve the level of user awareness.

BTRisk has developed its network and application penetration testing methodologies in accordance with best practices and its own experience. Our penetration testing engagements are planned to minimize the risk of business interruption, and tests with the potential to cause data integrity loss are carried out in a controlled manner. The fundamental penetration testing methodology delineated below is customized with steps specific to the targeted technologies and with misuse scenarios that have financial or other consequences.

Our fundamental network penetration testing methodology contains the following steps:

  • Information gathering and server enumeration for the target network and systems.
  • Service discovery of the live servers identified.
  • OS and service enumeration for the identified systems.
  • Enumeration of default and other user accounts for the identified services.
  • Identification of known vulnerabilities in the identified services using vulnerability databases.
  • Running exploit code that could potentially cause integrity or availability loss, only at the request and with the permission of the client.
  • Performing login brute-force attacks against the default and other enumerated user accounts, only at the request and with the permission of the client.

Our fundamental web and mobile application penetration testing methodology contains the following steps:

  • Understanding and mapping the application functionality.
  • Reverse engineering of the mobile and thick web client applications to identify the used and unused functionality and input points, and security controls of the application.
  • Identification of all application input points, fuzzing those input points and observing the application responses for potential errors and unusual behaviour.
  • Testing for the deficiencies in the application business or security control logic.
  • Testing for horizontal and vertical authorization vulnerabilities of the application.
  • Testing for the broken access and session controls.
  • Penetration testing of the application server and operating system infrastructure for the known vulnerabilities and configuration deficiencies.
  • Scanning the backend for unlinked content and functionality.
  • Assessment of the application user and password management processes starting from the enrolment step.