Penetration Test (pen testing) Processes include:
- Gathering Passive information;
- Port scanning;
- Network equipment types and its description;
- Determining the types of operating systems used in network infrastructure;
- Types of adjacent peripherals in the network infrastructure;
- Defining special device types and combinations;
- Gathering the information received and its analysis;
- Defining “entry points”;
- Defining attack vectors;
- Attempt to infiltrate;
- Detecting vulnerabilities;
- Verifying the imported vectors;
- Solution suggestions for critical vulnerabilities;
- Writing report (according to “the law on the protection of personal data”, GDPR, banking regulation and supervision agency, TSE, PCI DSS, ISO 27001 standards).
Penetration testing is performed using a wide range of special programs and applications (password selection, IP network port vulnerabilities search, malware detection) and covers a large number of control points. The most common are:
- Gathering information (scanning customer data in open sources, collecting data on employee approvals)
- Examination of the technical infrastructure (defining and gathering data on available resources, operating systems, software and applications)
- Vulnerability and threat analysis (detecting vulnerabilities in security systems, applications and software using special programs and utilities)
- Withdrawaling and processing data (at this stage, it is simulated to obtain information for the purpose of collecting data on an attacker’s actual attack, existing vulnerabilities for subsequent analysis, as well as on the dates of hacking the system and calculating economic risks)
- Reporting (processing of received information, preparing suggestions and instructions to eliminate existing vulnerabilities)
After Taking Penetration Test?
After the results and reports (pentest report in accordance with the law on the protection of personal data, GDPR, banking regulation and supervision agency, TSE, PCI DSS, ISO 27001 standards) are presented to you, a new timing should be made to identify weak and unsafe places and increase security by closing the gaps as soon as possible. With this timing, the verification test is performed.
Why Secromix?
Our team has the penetration testing experience and the necessary certificates (CEH, LPT,…) participating in the most prestigious CTF hacking contests (“Capture the Flag”), includes researchers and successful participants in error award programs in accordance with standards (the law on the protection of personal data, GDPR, banking regulation and supervision agency, TSE, PCI DSS, ISO 27001 standards).
As a company, our aim is to reduce risks, help correct all security gaps and support your information security process.