Home / Cyber Security Services
Cyber Security Services
Penetration Tests over
the Internet
These are control services in which an organisation's resources accessible via the internet (DNS, FTP, e-mail, web, cloud systems, firewall etc.) are accessed optionally with authorised or unauthorised user rights using various tools and methods to identify known and possible vulnerabilities before attackers.
Penetration Tests over
Local Network
Security tests carried out within the local network involve accessing servers and systems audited from an organisation's local network. These audits include security scans against known gaps, security scans on applications depending on the type and system configuration controls.
Red Teaming
With an attacker-like approach, our team attempt to find vulnerabilities, gain access to critical data, leak into private networks and find other vulnerabilities on systems, networks and applications.
Different from other tests, red teaming assessment pinpoints exactly where your vulnerabilities are without actual damage.
Web Application
Penetration Tests
In comparison to other applications, web applications must be handled using more advanced methods due to their complex structure, diversity and variability of available applications. The main purpose of web application security tests is to perform controls on applications on the internet/intranet with different user rights in terms of the standards defined by OWASP and identify vulnerabilities.
Mobile Application
Security Tests
The rapid rise in the use of mobile devices leads to an increased number of applications available for devices. Such applications developed using different technologies may also contain vulnerabilities just as standard web applications do. These tests enable organisations to control applications and systems developed for iPhone and Android mobile devices.
Internet of Things
Security Tests
These tests are carried out against IoT devices, the end servers, cloud systems, applications they are communicating, and applications that are used for controlling the devices. These tests include fuzzing open ports, dumping data/firmware from hardware and bus sniffing to find any crucial information that is confidential.
DOS/DDoS Tests
DOS/DDoS tests are performed to see how an organisation's systems behave under different attacks aiming to disable the systems and identify possible configuration errors by measuring the effectiveness of the current precautions. In DDoS tests, DDoS attacks are carried out over botnet with HTTP requests sent using 1000 different IP addresses are also simulated.
Source Code
Analyses
These services include the examination of applications developed in ASP.NET, JAVA, C#, C++ and PHP languages. The qualified staff in security software development utilise static code examination methods and identify problems within the code.
Social Engineering
Tests
Social engineering tests are controls aimed to identify vulnerabilities caused by end-users and processes used in the organisation. Even the most flawless security system may fail due to user errors; therefore, social engineering tests involve the assessment of the security awareness level of end-users to identify vulnerabilities in this regard.
Secure DevOps
In today's world, with everything being agile, the development process changes dramatically, by and large, resulting in security tests being the bottleneck of the whole process. To solve this issue, Penetra integrates into the development process and run penetration tests on the small segments and functions of the application that are developed afresh, rather than the entire application.
Breadth-First
Security Tests
In these tests, not a specific system, server or application are targeted by an attack, but directly organisation itself or a more specific part of the organisation such as hardened SWIFT systems. This way, the possible activities of an attacker will be simulated.
Hardened Systems
and DLP Controls
The fact that working from home becomes more prevalent, hackers now have greater opportunities for exploits and breaching data. Corporates sole concern, now, is to ensure the end-user computers' security to prevent the loss of critical data. Particularly, the systems that are more critical are attacked locally and remotely to point out the vulnerabilities.