Penetration testing


Synapse follows a solid process based on an established well known standard in the field of information security to deliver professional services to enterprises. This process is furnished throughout the years turning Synapse into a well-known security services provider. This type of testing involves a comprehensive analysis of publicly available information about the target, a network enumeration phase where target hosts are identified and analyzed and the behavior of security devices such as screening routers and firewalls are analyzed. Vulnerabilities within target hosts should then be identified, verified and the implications assessed. The penetration testing exercise is about testing if the client is susceptible to external intrusions and measure the degree of susceptibility. Hence, tests are focused on weaker points. Be it the application, the network or even the personnel is the weakest link, the tester would take advantage of it to the maximum extent. Combining multiple low risk vulnerabilities to conduct a focused coherent high damage attack is one of the main strengths of such type of testing. This simulates real world attack scenarios that are highly technical and motivated.

Our Methodology of Penetration Testing

Steps.

Information Gathering.

Enumeration.

Vulnerability Identification.

False positives and false negatives detection.

Exploiting.

Reporting.

Remediation.


Information Gathering

Synapse's expert security testers uses information gathering techniques which to find all available information about the target using both technical and social methods. Also, when applicable, a physical site visit is done to examine the different security aspects of the different sites of the target.


Enumeration

when all possible information about the target has been acquired, a more technical approach is taken to ‘footprint’ the network and resources in question. Network specific information from the previous section is taken and expanded upon to produce fine tune the information previously acquired. In this phase a blueprint of the whole system in scope is built and visualized to be able to identify a vulnerability. This is done by combining all the information gathered from the previous phase by multiple testers and unify the knowledge of the whole team about the target system.


Vulnerability Identification

During vulnerability identification, Synapse's Security tester will perform several activities to detect exploitable weak points. False positives and false negatives detection: Synapse's takes this section extremely into consideration since most competitors in the market will send out a report with several false positives in both the technical and the management report in turn will raise false alarms within the company its self. Synapse Assures that its reports do not have any false positives nor false negatives.


Exploiting

After gathering information about the target network, Synapse's Security tester highlights the attacking points and start performing penetration testing activities. The tester will perform the penetration test from different points on the network and with different privilege and authorization. On many occasions, Synapse's tester might be able to exploit some weakness in the system and gain access to a portion of the network. At this point, the whole process is restarted from a different vantage point using the newly acquired information. The blueprint map is updated to reflect the new discovered information leveraged from the exploited system.


Reporting

Reporting the findings of the penetration tests is integral to the fulfillment of the previously mentioned strategic motivations and drive forces behind engaging in such a process. Hence, once the above tasks are completed, a documentation scheme is followed to report the results across different levels including technical and management level.


Penetration Testing Remediation Plan:

Synapse will help ensure that all vulnerabilities or problems arose from the penetration test are fixed and re-tested again to ensure that all problems and vulnerabilities in Customer's infrastructure are gone.

Penetration testing Types:

  • Web application Penetration Testing
  • Network Penetration Testing
  • Wireless Auditing and Testing