- Security Audit
- Ethical Hacking
- Security Consulting
- Penetration Testing
- Source Code Review
- Training and Coaching
External Penetration Testing
External penetration testing, also known as external pentest, covers security surrounding publicly exposed systems. It consists in assessing information systems security from the perspective of an outside attacker. Since systems can be directly targeted from outside external threats pose a clear danger to any company, even small businesses regularly suffer from blind attacks on a daily basis.
Most popular modules of external penetration testing are:
DMZ / Front-Side Attacks
Front-Side attack module verifies security of servers and services exposed to the Internet. Database servers, Web servers, Mail servers, File Servers, DNS servers and VPN servers are the most popular systems accessible by anybody from the Internet, therefore the most targeted by hackers. High-Tech Bridge experts will launch many different remote attacks on your Front-Side in order to identify all existing risks.
Web Application Attacks
Web Application penetration test module checks the resistance of your corporate website or web-based application to a large number of web attacks, which become more and more popular and easy-to-execute today. Web-based attacks permit to discover improper user input validation that is passed to web application, authentication, authorization, encryption and other logic flows, which could result in unauthorized access, credentials and identity theft or privilege escalation within HTTP/HTTPS portals, for example an e-banking system.
War Dialing / PABX Attacks
War Dialing module permits to ensure security of corporate telecom infrastructure. It consists of scanning telephones and VoIP entry points and looking for available resources that hackers can attack in order to gain unauthorized access to various telecom services (modems, PABX and voicemail systems). Telecom vulnerabilities exist for a very long time, however still represent an easy way to break into many networks and might result in expensive abuse of telecom services.
Physical security is quite often ignored in corporate security architecture and remains one of the weakest points of IT infrastructure today. Perfectly protected server is vulnerable if physical access to the server-room is not secured, controlled and restricted. Physical Security module will perfectly complete your IT security assessment process.