WeSecureApp has conducted over 4000 such network penetration tests, helping organisations understand and implement their network defences efficiently while adhering to the standards described by PTES and the NIST network penetration methodology. WeSecureApp conducts external and internal network penetration testing both without authorization details, to resemble a black-box test, and with authorization details provided, to resemble a grey-box test.
How does it work?
Network penetration testing involves performing a penetration test on infrastructure to check the defences and security posture of an organisation from a remote attacker's perspective. Internal penetration testing involves performing a penetration test on an asset within an intranet or VLAN of an organisation from a malicious insider's perspective.
We outline the discussed assets, specific services, and IP addresses on which the network penetration test needs to be performed.
We then try to discover all possible assets in the given IP range, such as web applications, active services, and live hosts, using OSINT (Open Source Intelligence) tools such as Nmap NSE, Snov.io, Shodan, Spyse, OpenVAS, and Burp Suite.
We formulate manual and semi-automated test cases and check for vulnerabilities in each of the test cases defined.
We attempt to exploit vulnerable services in a network using a blend of tools such as Metasploit, exploit pack, manually developed scripts, exploit-db scripts, Nessus, etc.
At the conclusion of the test, we summarise and prioritise the risks and impact of all the vulnerabilities to formulate a detailed report with remediation.
The common vulnerabilities we have tackled in the past
The most frequently identified vulnerabilities are not very different from the OWASP Top 10 lists.
Poor Code Obfuscation
Excessive Information Leakage
Insecure Data Storage
Remote Code Execution
Source Code Leakage
Broken Session Management
Broken Access Control
Did you know?
of the network access we achieved was through outdated versions and default credentials.
of the network access we attained was due to misconfigurations in services being used.
of the network access resulted from unauthenticated access.