Friday 10 August 2012

PENETRATION TESTING


Welcome to Scorpio Net Security Services,

 
Experience has proven time and again that hostile entities, such as competitors and hackers, look for useful information about companies in order to exploit it to their own benefit; they will do so even when the targeted company is unaware of this activity for extended periods of time.

Penetration tests are a process in which the level of security in an organization's infrastructure and applications is realistically evaluated, and options for rectifying the deficiencies are examined. It is extremely important to conduct periodic penetration tests in organizations that hold sensitive data and databases requiring protection from intentional or random attacks.

Penetration tests and the implementation of their results will reduce the options available to hostile elements attempting to penetrate the organization's network and applications, and will provide an important, additional security layer, which oftentimes is the critical layer.
 
There are two main types of penetration tests: those performed on applications, and those performed on infrastructure.
The tests are implemented in accordance with the organization's needs and goals.

Scorpio Net Security Services conducts numerous, diverse tests at a large number of organizations whose work requires them to store and utilize sensitive data. Our clients, who benefit from superior information security services, include world-leading hi-tech companies, as well as governmental, public and private sector companies in Israel, including insurance, communication and content companies.

APPLICATION TESTS

The importance of protecting the organization's applications is rapidly increasing due to the accelerated transition to Web applications, whose use broadens daily and gives users new and unique access options that did not exist in the past.

Technological developments in the Web environment significantly impact Web-based applications. Keeping up with the pace of these developments, anticipating risks and developing suitable solutions requires focused professional know-how, since security products for Web applications are still in their initial stages of development in comparison with security products developed for infrastructure.

Scorpio Net Security Services specializes in the performance of advanced application tests, benefiting from proven experience in the provision of high-level results without overly relying on the many scanners available on the market. Our experts conduct complex application tests based on our unique, proprietary methodology.

TESTING METHODS

BLACK BOX METHOD

Penetration tests based on the Black Box method are essentially a simulation of attempted penetrations that is as authentic as possible. These tests are carried out without the specialists performing them having prior knowledge of the system being evaluated.

Scorpio Net Security Services' experts carry out the tests as "hackers"; therefore, many professionals in the field of information security regard this method as the one most realistically indicating the level of risk faced by the organization's databases and applications.

WHITE BOX METHOD

As opposed to the previous testing method, tests performed in accordance with the White Box method are carried out when the experts performing the tests are familiar with the internal characteristics of the system under evaluation, from both application and infrastructure aspects.

These tests are extremely broad in scope and highly effective; Scorpio Net Security Services' experts become aware of each vulnerability and exposure existing in the systems, since everything is laid out before them in the most transparent manner, including the application code.

Scorpio Net Security Services usually recommends the performance of these tests after prior tests based on the Black Box method are completed, in order to provide the capacity to grade the level of severity and risk, and devise a well thought out repair plan, including the chronological order in which the various repairs should be made.

GRAY BOX METHOD

Tests performed according to the Gray Box method combine both the White Box and the Black Box methods, allowing the organization to choose which data to provide to the experts conducting the tests, so that testing commences from the best starting point, based on different bits of information concerning the network and the application. Some experts regard this method as the most legitimate, since many hackers are exposed to a great deal of information about the infrastructures of the organization they are attempting to attack anyway, from economic/technological publications, and from sales data they manage to acquire.

Additionally, in many cases, the organization is interested in exposing only partial information; tests performed according to the Gray Box method will meet this preference.


 SCORPIO NET SECURITY SERVICES
    
