Penetration Tests

Most companies just put the computer security as a priority after suffering some kind of attack. With the size of the growth and complexity of information systems it is imperative that companies or organizations adequately protect their systems. This requires there are also a clear perception of the risks they are exposed.

Every day that passes brings new vulnerabilities that usually originate from programming errors, misconfiguration or human failure.

The exploitation of vulnerabilities by an attacker may allow:

  • Access to confidential data, with the possibility of its manipulation;
  • Denial of Service Attacks;
  • Compromised servers;
  • Identity theft;
  • Redirect users to malicious sites;
  • Website defacement;
  • Unauthorized access to functionalities;
  • Total control of applications;
  • Compromise of sensitive data and eventual legal responsibility;

The Vulnerabilities analysis reveals flaws that could compromise the performance, functionality or security of a system before any malicious user can take advantage of. This analysis should be done periodically and allows the creation of mechanisms to block attacks and ongoing improvement of security control.

PenTests can be divided into three classes that complement each other:

  • WebSite tests;
  • Tests to institutions performed from outside;
  • Tests to institutions conducted from inside.
  • In either case, the tests can be made with all the necessary technical information provided by the institution (classified by Whitebox), or can be effected without any information provided by the institution (classified by BlackBox). In all cases, the tests depth level can vary from the use of automated tools to detailed Intelligence analysis of the collected information and respective risk rating impact on the target institution.