Penetration Testing

Insight of Penetration Testing

Penetration tests attempt to exploit the vulnerabilities in a system to determine whether a detected vulnerability is genuine. Penetration tests find exploitable flaws and measure the severity of each. A penetration test is to validate the ranked vulnerabilities to ensure its flaw potential and damage risk against the system. Penetration test attempt to access, infiltrate, penetrate, execute some possibilities by using ranked vulnerabilities (as per the result of Vulnerability Assessment) to ensure those vulnerabilities are valid and required some counter measures to fix the flaws, secure the holes and ensure security compliance.

Depth Penetration

Penetration testing is more to focus on some short ranges of vulnerabilities but exploit it in certain depth to test the validities to minimize false positives. Penetration testing is required to ensure all possibilities of vulnerabilities is being tested to prove the hack proof of certain system, therefore the cyber security assurance can be confirmed (please bear in mind that there is no such 100% secure system even by having dense PT in place)

Validate the Findings

It is important to perform validation against certain findings (usually the critical and high ranked vulnerabilities or other findings as per agreed) to ensure those vulnerabilities are valid and can introduce real impact against the system if it is utilized by threat (either internal or external). Therefore penetration testing is required on this case to protect the organization from real scenario, prevent from risk exposure, mitigate some possibilities (if prevention can’t be implemented) and so on.

Bring the Solutions

Penetration testing can be seen as the more detail way to assessing the way of attack and its vector so we can strategize the counter measure by more efficient way, cost effective and shot into the target. Ensure the flaws are not repeated, closed as tight as possible, leverage the security level, confirm the security guard implementation. Penetration testing provides such detail recommendation by incorporating some vulnerability assessment results in order to give excellent solutions to the client.

PT is Depth - Only for Specific Entities

Penetration testing is needed only by certain entities that require more detail and specific activities to bring the security level into next level, it is not common to be implemented to all type of organizations, but it is really required to be performed on the organization that has strong security requirement, dealing with critical infrastructure and having critical risk exposure.

Penetration Testing in IT and ICS Environment

PT and Its Execution

Penetration Testing (PT), as the method to validate ranked vulnerabilities against audited system, it can be executed by such integrated dedicated PT software such as Metasploit, or using certain techniques in partial approach such as NMap, SET, password cracking, wifi cracking, etc.

We offer PT to validate certain system vulnerabilities both in Information Technology (IT) and Industrial Control System (ICS) environment. Specific precaution for performing PT in ICS environment will be based on case per case and initial assessment regarding system architecture, complexity, criticality, safety exposure, emergency preparedness, system capability and some other consideration prior to execute the PT under the life ICS environment. By default the PT in ICS environment is not performed in life system, due to the risk exposure and business concern – seek the other alternative to reflect the audited system.

Safety - Technical - Assurance

Performing penetration testing in Industrial Control System (ICS) environment should ensure the safety assurance, complying with technical framework as the baseline to ensure the cyber security assurance as the life cycle concept to be pursued. By default we don’t offer live system PT against any kind of ICS environment.

Safety first, as the ultimate goal of all activities that we offer to the client

Validate the Vulnerabilities - Get Penetrate Now!

Contact us at fedco[at]fedco.co.id for any further inquiry regarding the Penetration Testing (PT) in IT and ICS environment – Be Our Next Client