secunet experts have worked as “pentesters” (penetration testers) or “ethical hackers” in relevant projects for almost 15 years. Combining well-founded knowledge of network and system administration with great creativity, exceptional resourcefulness and comprehensive experience, they can be counted on to find vulnerabilities, even without access rights, and (in consultation with the client) exploit these to access company data.
Although IT configurations differ from company to company, every company ultimately pursues the same goals when commissioning a security analysis:
- Identification of the key vulnerabilities in an IT configuration
- Assessment of the risk potential
- Recommended measures for removing the vulnerabilities identified and/or reducing the risk potential.
secunet’s process model takes into account the multi-layered nature of clients’ requirements and offers the option of dealing with issues in a focussed manner. To this end, a number of important decisions are made in advance:
- Should the analysis be carried out without knowledge of the target objects (blackbox), with knowledge of the internal structures of the target objects (whitebox), or even with administrative rights granted (configuration analysis)?
- Should exploits be used?
- Can identified passwords be used for further actions?
- Should denial-of-service attacks be carried out?
- Do specific systems/networks need to be excluded from the analysis?
In open analyses, where there is no specific objective and no information has been provided for the penetration test, the client can specify the scope themselves.