Penetration Test

The Penetration Test is a security assessment service that consists in the execution of thorough Ethical Hacking tests. It is based on inferential attack techniques aimed at identifying vulnerabilities that cannot be detected just by means of automated scanning and analysis tools. The security testing activity is carried out by highly qualified personnel, whose expertise and experience allow for a realistic simulation of the operations commonly performed by external or internal threat agents, employing tools and techniques typical of an actual attack scenario.

Purpose

The Penetration Test service enables the detection in the field of the technological vulnerabilities that affect the analyzed IT infrastructure. Furthermore, it allows to verify the adequacy of the implemented security policies and how the Client’s personnel comply with them.

 

Scope

In order to provide a thorough assessment of the security posture of the analyzed IT infrastructure, the team of specialists does not restrict the analysis to the external perimeter exposed to attacks originating from the Internet public network, but instead it makes use of multiple attack vectors.

@ Mediaservice.net boasts a ten-year experience in performing security tests and can therefore guarantee a complete, in-depth attack simulation for a wide range of technological scenarios, such as:


Infrastructure Applications Tlephony Others
IP Web PBX Human
Firewall BlackBerry RAS Physical
VPN Database APN Videosorveglianza
Wi-Fi iSeries Backup ISDN Biometria
SCADA SAP VoIP Crypto
X.25 Client-Server GSM/UMTS Dumpster Diving

 

 

Methodology

In order to provide an independent, objective, and repeatable security assessment, the Penetration Test is performed in concordance with the most accredited analysis methodologies (OSSTMM, OWASP, ISO/IEC 15408, ITSEC, TCSEC), in compliance with the relevant international standards (ISO/IEC 27001:2005, ISO/ IEC 27002:2005, ISO/IEC 27005:2008, ITIL, COBIT, GAO, FISCAM, PCI, SOX, HIPAA, CASPR, SET, NIST Best Practices, D.lgs 196/2003, other data protection laws).

Professional Resources

To carry out the described activities, only highly qualified personnel with proven experience is employed by @ Mediaservice.net, holding internationally recognized professional certifications (CISSP, OPSA, OPST, OWSE, CISA, CISM, GCFA, ISO 27001 Lead Auditor, etc.). These certifications guarantee both advanced technical skills and high ethical profile of the specialists in charge of the tests.

Depending on the agreements between the parties, the professional resources will work in team at @ Mediaservice.net labs or within Client's premises.

Penetration Test - 385,49 kB Download the service datasheet.