CISSP

 

 

 
Penetration Testing

 

 

“Security - A Hacker’s Perspective”

 

Want a view of your network and IT infrastructure from a hacker's perspective? A penetration test is a simulated attack on your IT infrastructure that follows all the steps the bad guys take to attack your assets. It gives you a comprehensive view of the vulnerabilities present in your IT infrastructure, as seen through the eyes of a hacker.

 

 

Our Xi-AAAG (Attack Audit Analysis Group) follows the OSSTMM methodology for conducting a pen test. OSSTMM, developed by ISECOM, is one of the most comprehensive and trusted security testing methodologies available.

 

Let’s walk through the major steps of a pen test:


  • Planning stage
  • Gathering information / Footprinting
  • Scanning / Enumeration
  • Verifying vulnerabilities
  • Exploiting / Penetrating and getting proof of concept
  • Privilege escalation as required
  • Reporting / Presentation

 

Types of Penetration Tests

 

White-Box

The testing team has complete carte blanche access to the testing network and has been supplied with network diagrams and hardware, operating system and application details, etc., before the test is carried out. This does not equate to a truly blind test, but it can speed up the process a great deal and leads to more accurate results. The amount of prior knowledge lets the test target the specific operating systems, applications and network devices that reside on the network, rather than spending time enumerating what could possibly be there. This type of test equates to a situation in which an attacker has complete knowledge of the internal network.

 

Black-Box

The testing team has no prior knowledge of the company network. An example is an external web-based test in which only a website URL or IP address is supplied to the testing team. It would be their role to attempt to break into the company website or network. This equates to an external attack carried out by a malicious hacker.

 

Grey-Box

The testing team simulates an attack that could be carried out by a disgruntled, disaffected staff member. The team is supplied with a user account with appropriate user-level privileges, and is permitted access to the internal network through the relaxation of specific security policies present on the network, i.e. port-level security.

 

 

 

 
Web Application Security Audit

 

 

YOUR NETWORK IS SECURE
WHAT ABOUT YOUR WEB APPLICATIONS?

 

So you have the best security appliances in place protecting your organisation from attackers, and they are correctly configured too. But you are still at risk: vulnerabilities in your web applications can make those internal systems easily accessible to the public. In fact, they may be the first place a hacker will strike. Make sure you know where your weaknesses are. Assess all of your web applications.

 

Our team helps you identify the vulnerabilities in your web applications before the hackers do!

 

Our Xi-AAAG (Audit, Attack and Analysis Group) uses the OWASP penetration testing methodology for manually checking for vulnerabilities in your web applications.

 

At the end of the Web AppSec Assessment, you get:
1. A detailed report
2. An “Audited By Xiarch” certificate of compliance with OWASP standards.
3. An “Audited by Xiarch” Security Seal to display on your website.

 

The report will contain details about the tests that we performed and the security holes that we found, complete with step-by-step screenshots describing the security holes and their exploitation. We may also provide you with an actual recording of the pen test being performed on your web applications, so you can walk through a simulated attack and understand a potential attack and its effects. The report will explain the security holes found and give detailed instructions on fixing them.

  

Once we’re assured that your application complies with Xiarch’s criteria, you’ll receive the “Audited by Xiarch” seal and certificate. The certificate provides a guarantee to both you and your users that your website is secure, and this helps in gaining customer confidence.

 

 

 

 
© xiarch.com All rights reserved.