Penetration Testing

In security as in life, the hardest weaknesses to pinpoint are your own. Fortunately, we have no problem thoroughly documenting all of your flaws. In fact, it’s our job. And that’s a good thing: knowing your vulnerabilities—and the ways in which attackers could exploit them—is one of the greatest insights you can get in improving your security program.

A penetration test (pen test) is an authorized simulated attack performed on a system or infrastructure to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business weaknesses in a system. Penetration tests usually simulate a variety of attacks that could threaten a business.

With that in mind, IDT’s Penetration Testing Services team will simulate a real-world attack on your AWS infrastructure and applications to demonstrate the security level of your key systems and infrastructure and show you what it will take to strengthen it.

Methodology

• Reconnaissance - The objective of this step is to gather as much information about the target as possible from public and private sources to develop the attack strategy.
• Scanning - The objective of this step is to run the scanning process to examine the target website or system for weaknesses, including open services, application security issues, and open source vulnerabilities.
• Gaining access - At this stage a pen tester simulates an attacker’s actions including stealing, changing, or deleting data; moving funds; or simply damaging a company’s reputation
• Maintaining acces - In order to demonstrate the potential impact, once pen testers gain access to the target, their simulated attack must stay connected long enough to accomplish their goals of exfiltrating data, modifying it, or abusing functionality