Prevent cyber-attackers form disrupting your business
A penetration test is a controlled exercise commonly used to discover, catalog and evaluate the security of your IT infrastructure by safely attempting to exploit various vulnerabilities that might reside in your environment these vulnerabilities may exist in operating systems, services, application flaws or improper default mis-configurations.
During first contact with your company’s network, Vicxer will develop a threat model that considers different possible scenarios and attack vectors, this model then serves as the basis for a comprehensive assessment of defined target systems, allowing us to cover a wide range of attack vectors that affect your IT infrastructure. Vicxer’s methodology to discover, test and validate these kind of threats is based on the following staged model:
Discovery: Every penetration test starts with an identification of systems, components and services on a previously defined scope. This activity is performed using intelligent automatic and manual network scan techniques.
Vulnerability Assessment: Once all visible systems have been identified, a black-box security evaluation takes place. During this phase, services are assessed without any kind of credentials, trying to detect as many vulnerabilities as possible in a non-intrusive way.
Exploitation: A map of vector attacks that could take place based on abusing the discovered vulnerabilities is developed and leveraged. Denial of Service (DoS) attacks are NOT performed unless it was explicitly requested by you.
Credentials Reutilization: In the event that some attack vectors result in success and allow us to obtain privileged access to the target systems, further internal tests are performed using the obtained credentials. These tests include validating security configurations, active policies and the application of security patches among others.
If you are looking for more information about SAP Penetration Testing, please follow this link