Penetration tests | Etnetera EN

Are current internet threats just a nuisance for your business or are they a real risk? We will check over every corner of your IT and bring answers

Do not leave sensitive data of your users at the mercy of hackers. It’s better to be on the safe side and keep control over real threats then to hastily look for and patch up holes through which “the bad guys” got to you.

We offer three possibilities in the field of security assessment and system remedy, where each testing is carried out by a EC-Council Certified Ethical Hackerspecialist, According to The Open Web Application Security Project and Penetration Testing Execution Standard.

Penetration testing

The aim of these tests is to check the possibility of obtaining access to the key assets of your enterprise and your company — that is, what a real attacker might want to get. Although it is, of course, possible to restrict the scope of test to particular components, e.g. Wi-Fi networks, web pages, social engineering, or to test physical security, we recommend not doing so — hackers won’t restrict themselves either ;).

Vulnerability assessment

Vulnerability assessment is a process of identification, classification and evaluation of security risks in systems and applications. The test is performed using special tools, so-called vulnerability scanners, which try to find known vulnerabilities. After an automated test has been carried out, the report may contain a relatively large number of so-called false-positive results which are subsequently manually validated.

So what exactly are the differences between penetration tests and vulnerability assessment?

  • During a penetration test, unlike vulnerability assessment, previously unknown vulnerabilities, so-called 0-day, are often exposed. Moreover, the test isn’t limited to particular system components but rather to their interconnections and so it exposes faults in process implementation which may open door to compromising your system.

  • Vulnerability assessment is, in its larger part, an automated process and it usually carried out repeatedly, in regular intervals, so that customers were warned as soon as new vulnerabilities are exposed.

Forensic analysis of compromised systems

If the security of your system or application has been breached, we are able to provide our specialists to deal with such an unpleasant situation.

The output of every audit is a, for a manager, comprehensible report where findings are recorded, described, and sorted based on their risks, which can help determine the priority when planning corrective measures.

Our service for internet pages detection and protection, EWA, can also help you with seemingly unsolvable findings from penetration testing. EWA is a service in the form of an SaaS module for protection of your web pages not only against DoS attacks, but it also provides protection in the form of an application firewall with our service and, as a bonus, it contains modules for web page acceleration to help cope with a large influx of traffic on your web.