Penetration Testing

Penetration testing is one of ITSEC Asia’s most popular services and is often delivered to our clients on a regular basis.

Pen-testing is a critical method of evaluating the security of information systems or networks by simulating an attack by a malicious hacker. The process involves an active analysis of the system for any weaknesses, security flaws or vulnerabilities. This analysis is carried out from the perspective of a potential attacker and often involves active exploitation of security vulnerabilities.

ITSEC Asia specialises in:

  • Web Application Penetration Testing
  • Mobile Application (iOS, Android, Windows Mobile) Penetration Testing
  • Infrastructure Penetration Testing
  • Specialised Penetration Testing (RFID, ATM, EDC, Telecommunication Networks)

The methodology of penetration testing used at ITSEC Asia combines black box (no knowledge of the target system) and white box (partial knowledge of the system) approaches. As with every ITSEC Asia consulting service, during a penetration test project we focus on knowledge exchange with our client.

In addition to a project’s final report we deliver a number of presentations to executives, management and technical teams, accompanied by comprehensive training that guarantees a thorough understanding of methods used during the penetration testing and a full comprehension of the prepared recommendations.

Our methodology ensures rapid implementation of recommended changes and provides immediate security improvements. Penetration tests also boost security interest among client’s personnel, which in the long term has an exceptionally beneficial effect on the overall security of client’s information systems. During penetration tests we also use a combination of industry standard security tools as well as self-developed proprietary tools and techniques.

All identified security weakness and vulnerabilities will be presented to the client with a risk assessment and recommendation for risk mitigation method. For each finding we also explain and rate risk involved, explain and rate the complexity of implementation of our recommendations.

Key benefits mentioned by our clients include:

  • Infrastructure Penetration Testing
  • Web Applications Penetration Testing
  • Mobile Applications Penetration Testing
  • Specialised Penetration Testing (RFID, ATM, EDC, Telecommunication Networks)