Security Review & Penetration Tests Wizard
Web Application Scanning
Scans of application vulnerabilities provide a list of vulnerabilities affecting Web applications.
The vulnerabilities highlighted are those relating to a lack of configuration or follow-up in the application of security patches, but also those related directly to the development techniques used (injection flaws, for instance OS command or SQL injection).
Security checks can be launched from the Internet or from within your information system.
Scans can be run anonymously, but it is also possible to perform security checks by connecting to the application with a particular user profile. This gives you full visibility into security vulnerabilities that can be exploited by a user legitimately connected to the application (malicious user test case).
As with all our vulnerability scanning, the security analysis is provided by the same team that is in charge of penetration tests, which has the best view and experience in that field.
Vulnerability scanning
Vulnerability scans, without being at the level of thoroughness of penetration testing or security review, make it possible to list the flaws present on a given system or application. The weaknesses highlighted are those relating to a lack of configuration or follow-up in the application of security patches.
Our vulnerability scanning offer combines powerful tools with the expertise of security analysts who are close to you, enabling you to control your level of security.
Security tests can be launched from the Internet or from within your information system via a probe placed in strategic locations (from a particular VLAN or DMZ, from the local network, from the remote site of a partner ...).
This gives you visibility into all the vulnerabilities that can be exploited from the different zones where the probe has been positioned.
External penetration tests
External penetration tests are an engagement where the security of firewalls and all identifiable services such as email, VPN, file transfer and remote administration is challenged over the Internet from SSL247 offices. A base-line assessment of web applications will also be carried out.
The method will be “black box” and testing is not intended to cause any interruption to services. Testing will begin with fingerprinting the IT infrastructure and services followed by manual exploitation with a full review of the results by a senior Team Leader.
If necessary, privilege escalation is performed so that testing can continue into networks that are inaccessible from the Internet (your internal network, for example), in search of the target or of sensitive elements. This simulates a real intrusion scenario by an attacker targeting your infrastructure.
Internal penetration tests
During this engagement, we carry out black-box tests from one of your physical sites, potentially following:
- A successful physical intrusion
- A logical intrusion by means of an emailing campaign during a social engineering scenario
- Application penetration tests on an application with different attack surfaces, followed by a possible test of the authenticated part. These tests are carried out without prior knowledge of the audited targets (except for the exact URL of each application and any login credentials if necessary)
- The purpose of these tests is to determine whether a malicious person could compromise the security of your Information System by targeting one or more applications hosted within or outside your infrastructure. This compromise could take the form of, for example:
  - Access to confidential application data
  - A circumvention of the access control or security mechanisms
  - A takeover of the system server hosting the tested application
- A second objective is to find out whether the various vulnerabilities identified could affect your customers or the users of the tested applications, in particular in terms of user impersonation
Voice over IP infrastructure penetration tests
The VoIP penetration test follows an approach similar to that used by a person who is present on the company's internal network and wishes to commit malicious acts on the IP telephony network:
- Information gathering: From the available local network connection as well as a physical IP phone, obtaining the maximum information on the VoIP network.
- Intrusion attempts on IP phones: Targeting IP phones and analysing their configuration and attack surface. Validation of the confidentiality and integrity of the data exchanged on the network between the telephone and the telephony infrastructure, and attempted compromise through the available services, including via physical access to the IP telephone (identity theft, for example).
- Intrusion attempts on the telephone infrastructure: Targeting the VoIP infrastructure and discovering the systems and services available on the servers. The objective is to demonstrate security flaws and to assess the level of competence required to exploit them. SSL247 highlights the risks of illegal listening and fraud.
Enterprise Access Penetration Tests
The use of remote office environments is becoming more common in the professional world and their security is often difficult to assess. In this offer, we propose to test the security of VDI / Citrix / Remote Desktop type remote access.
Many actions are carried out in order to validate the security level of this environment, covering both the configuration of the different servers of the Citrix / Microsoft farm and the resources deployed:
- Evaluation of the level of authentication needed to access the environment
- Attempts to elevate privileges and break out of the remote desktop context, for example through specific shortcuts, protection bypass or a system configuration scan
- Using "high" privileges to perform intrusion attempts on machines related to the server farm supporting virtual desktops
Social engineering
Involve your employees in protecting your assets and make them aware of threats that are less well known but equally effective. The scenarios in this service can measure the risks associated with your information system: risks of leakage of confidential information and risks of intrusion into your infrastructure.
The different possible scenarios can be carried out separately:
- Open-source intelligence gathering: Identifying information without directly querying the existing infrastructure, by collecting information about your organisation and your collaborators
- Phishing simulation: Using the information collected to target a list of people more precisely and obtain confidential information or access to computers by exploiting the human factor. This phase is commonly known as “phishing”.
- Telephone social engineering: Also uses the information collected to target a list of people more precisely and obtain confidential information by calling them under false pretexts
- Physical intrusion: Re-use of the information obtained in the previous phase to gain access to the physical premises by using different pretexts and testing every existing physical point of entry
- Logical intrusion: Once access has been gained through phishing or physical intrusion, a logical intrusion can be carried out in a stealthy way in order to completely test your infrastructure security
Source code review/audit
Source code auditing is the most comprehensive service that can be applied to a given application: it can exhaustively detect the vulnerabilities affecting an application. This type of review requires the provision of the source code and possibly documentation of the project in order to give all the necessary information to the auditor. Interviews with developers and architects can also be planned. The technical auditors in charge of this type of project are application specialists and have undergone secure development training in most popular languages (C / C++, Python, Ruby, PHP, Java, .NET, Go or JavaScript). They will recommend the most accurate and relevant corrective actions. Among the weaknesses identified, some are detectable in black box mode (during an application intrusion test in particular), but the source code audit goes further by finding weaknesses in the internal mechanisms (lack of encryption, good development practices, authentication weaknesses, traceability and logging, etc.), the correction of which makes it possible to increase the general security level of the application significantly. When applicable, we also validate compliance with the regulations in force (for example: encryption imposed by PCI-DSS, authority requirements, compliance with legal requirements for public websites, etc.).
Wireless penetration test
This service is composed of penetration tests and wireless audits following a similar approach to that used by a person wishing to commit malicious acts near your physical premises.
From the initial level of information, we will first try to identify all the Wi-Fi networks belonging to you, to analyse the security technologies implemented and the architecture of the access points. This step evaluates the level of exposure and opacity of your Wi-Fi networks.
Once the perimeter is defined, we try to discover the possible vulnerabilities of the access points in order to get a foothold on the internal network or to obtain sensitive information on your organisation and its services. The aim is to demonstrate the exploitability of the security breach and to assess the level of competence required to exploit it, using wireless vectors.
Security architecture review
The objective of this approach is to carry out a technical audit of the architecture of the information system in order to identify its strengths and weaknesses in terms of security.
This technical review consists in carrying out an accelerated analysis of the targeted technical architecture, on the basis of the documentary elements provided. This analysis does not involve the use of technical controls on systems or a comprehensive view but takes into account the technical hotspots and an initial vision of the procedures in the action plan.
This review is mainly composed of:
- Identification of needs and analysis of the existing situation: This is usually carried out through interviews with business, technical (production and engineering) and organisational (safety) teams. Requirements at the business, organisational, technical and technological level will be analysed. At these working meetings, we analyse the main rules of security design and the protection mechanisms implemented
- Realisation of an inventory: Analysis of the results of technical tests (including intrusion tests) and identification of the major risks associated with the current architecture
Configuration review/audit
Performed following a white box approach, the configuration audits make it possible to compare the security level of a given environment with the state of the art, with all the necessary points of view (access to equipment configurations, interviews with teams in charge of the platforms, provision of documentation, etc.).
This approach attempts to highlight any weakness related to the configuration and integration on the scope:
- Levels of updates for each service, security mechanisms (data encryption, antiviral system scanning), password policy, etc.
- Configuration audits are carried out by auditors who specialise in identifying deviations that present a security risk, as well as in the security of technical components (servers, workstations, databases, specific applications, etc.)
Red Team
Red team engagements use real attack tactics applied to your infrastructure.
It is a full-scale exercise that aims to find a way to infiltrate your internal network in order to extract real data, all while avoiding detection.
This engagement may include:
- The reconnaissance phase, necessary to sharpen the next phases of the exercise
- Deployment of customised Trojan horses and tests of physical defences
- Directly targeting staff to access a building or network, perhaps through the use of phishing techniques
- A phase of exfiltration, ending with the removal of the majority of traces generated
Applicative penetration test
The objective of this test is to evaluate all the technical layers related to the assessed application:
- System layer: evaluation of the security of the equipment on which the application depends
- Publishing Service: Evaluation of the Publishing Service (Apache, Nginx, IIS, etc.) hosting the application
- Application layers: intrusion on the different application components interfaces accessible without authentication, hidden pages and directories, APIs, etc.
For both simple and complex applications, each functionality is understood and manipulated in order to attempt to abuse or circumvent the associated security functions. Every test is manual and carried out by an experienced tester.
The security of the application configuration of different web products is also thoroughly audited in order to detect any vulnerability created during the integration of the application.