Penetration Test (PENTEST)
A penetration test is a simulated attack carried out by experts to evaluate the security of the information infrastructure of the systems.
The possibility of an unauthorized person accessing system features and data, causing damage is evaluated under the leadership of our 32 years of experienced team leaders with a particular methodology for that system with physical penetration tests, social engineering penetration tests, wifi penetration tests, network penetration tests, software and application penetration tests, mobile device penetration tests, server penetration tests, network device penetration tests of the target systems authorized by our customers.
The rate of intended use should be increased, and penetration tests should be carried out at regular intervals due to the mobility of elements such as new authorized identification, authorization termination, new hardware, new software to achieve maximum protection of the systems.
In addition, the GDPR data storage processes of our customers' systems are reported in detail in line with the evaluation of GDPR experts of our company.
Penetration tests can be carried out with three methods;
Black Box Method:In the tests to be carried out with this method, the negativities created by a hacker are analyzed with the information obtained in accordance with the company contract in the attack simulations.
Gray Box Method: In the tests to be carried out with this method, detection of uncontrolled activities of persons with specific authorizations and access rights in the internal structure of the system and the access of persons without any permission to access are analyzed with limited information exchange in addition to the information obtained by the company contract.
White Box Method: In the test to be carried out with this method, how persons with control over the system can access unauthorized areas and how they can damage is analyzed by sharing the system- and background information and the information obtained by the company contract. This test requires the most extensive coordination and time.
There are two types of target access locations where the Pentest will be carried out.
Internal Penetration Test, is the test to be carried out over the local networks and systems of the relevant target.
External Penetration Test, is the test to be carried out on the relevant target's website, servers, and applications.
PENETRATION TEST METHODS
Physical Penetration Test
This is the test that our team will physically test unauthorized access to system targets within the planned time interval with authorized administrators. If physical environments are unprotected against physical penetration, these are exposed to many digital attacks. These are the tests carried out within specific planning with the tools that are standard around the world.
Social Engineering Penetration Test
These are the tests to report the possibility of gaining information and activity from authorized persons from human-based factors with the computer, human, phishing methods within the planned time interval with our team of authorized counterparts.
Wireless Network Penetration Test
Wi-Fi systems are systems that are highly preferred for speed and ease of installation, but these systems provide communication with radio frequencies that everyone in the air can notice. Despite new Wi-Fi standards being issued every two years to prevent security vulnerabilities, users should keep the security of the systems under their control in this process. DEF24 provides security reporting services by testing the actions of those trying to penetrate the internal network and taking control over the licensed equipment.
Network Penetration Test
The importance of informatic channels is pretty straightforward when it is thought that every possible type of data is transmitted with informatic channels, and these consist of networks. While unauthorized access with certain internal information is tested internally with the network penetration test carried out with the tools and programs specially designed for our customers' systems, other tests are carried out externally as hackers; thus, it leads to the most comprehensive test. DEF24 recommends that our customers request the network penetration test at regular intervals.
Software and Application Penetration Test
Websites and applications (apps) designed by our customers within the scope of software activities are systems that can be penetrated from the outside, thus accessing many elements such as customer data, financial data, personal data and causing damage to corporate image. It cannot be expected from system designers and programmers to know security vulnerabilities like cybersecurity experts. DEF24 carries out your systems' software and application penetration tests with special methods with 32 years of experience and professional staff.
Mobile Device Penetration Test
Devices with a particular operating system, such as smartphones, tablets, smartwatches, smart TVs, e-readers existing in almost every moment of our lives, can create significant security weaknesses. The vulnerabilities in the systems cannot be ignored despite the use policies being the most critical security measure. System vulnerabilities and use without complying with the rules cause significant security vulnerabilities in internal systems. Mobile device penetration tests are carried out as a branch parameter for the maximum security of our customers.
Server Penetration Test
Nowadays, servers or similar systems that provide standard services forming the infrastructure of the operation and efficiency of the systems exist in many companies. These servers generally operate 24/7 and serve the desired number of people. The importance of security vulnerabilities that may occur in servers is of high importance. DEF24 carries out the tests internally and externally due to the cards that are open to outside.
Network Device Penetration Test
It is a test service carried out in cooperation with the system administrators of the devices on the network, such as printers, routers, firewalls, switches, from an internal location.