Penetration test of enterprise infrastructure

Penetration tests of enterprise infrastructure is simulated attack against your ICT infrastructure which aims to uncover weak points in cyber defenses of your organization. Outcome of such penetration test is a comprehensive report and presentation that summarizes all security vulnerabilities found in your infrastructure and outlines optimal strategy to mitigate them.

Auxilium Cyber Security has experience testing ICT infrastructure based on different systems from Windows to Linux and from cloud to on-premise solutions.

Objective

Main goal of penetration test is to address vulnerabilities of ICT of your company and propose adequate steps to eliminate them.

Methodology of penetration tests of infrastructure

There are two types of enterprise infrastructure penetration tests - external and internal

The goal of external penetration test is to identify vulnerabilities in systems and services that are exposed to the Internet. Attack is simulated against public IP addresses of your organization with an objective to find out if the hacker can gain access to company internal network or to company sensitive data.

To perform internal penetration test, the tester has an access to internal network through VPN or WiFi. Through simulated attack his aim is to find out if he might gain access to protected internal data such as accounting, active directory, and ERP system.

Our approach to enterprise infrastructure penetration testing

1. Understanding our client

We start by gaining close understanding of our client’s business and technical needs as well as gathering information about enterprise infrastructure itself – number and types of servers and number of public IP addresses.

2. Agreement on commercial offer

Detailed commercial offer is prepared based on our understanding of your needs and requirements. Such offer includes penetration test methodology, testing scenarios, way of reporting results and the scope of the penetration tests. Outcome of this phase formally agreed penetration testing offer.

3. Penetration testing

Penetration test itself is carried out strictly in accordance with our common agreement. During the actual penetration testing our team reveals vulnerabilities in your application and demonstrate you how they can be misused by a hacker.

4. Reporting

We deliver detailed penetration testing report to your team. Such report includes all vulnerabilities together with suggestions on how to mitigate them. If required, we can also prepare executive summary presentation for your management to help you efficiently communicate such results to company decision-makers.

5. Assistance with vulnerability mitigation

If your company has limited internal capacity, we can provide a support with mitigation of identified vulnerabilities.

6. Educating your ICT team

We can also prepare tailor-made security guidelines and training for your ICT team which would reflect results of performed penetration test. This would help your team to avoid making same security mistakes again.

Why Auxilium Cyber Security?

1. Experienced penetration testers with OSCP, OSCE or CISM certification
2. Conducting in-house research in the cyber security field
3. We deliver comprehensive penetration testing reports with proposed vulnerability mitigations
4. We can support you in English, German, or Czech
5. We have experiences with web applications penetration testing since 2015
6. We can provide secure coding guidelines and training reflecting penetration test results

Selected reference in the field of penetration test of infrastructure

1. Asseco Solutions: External and internal penetration test of company infrastructure
2. SILON: External penetration test of company infrastructure