Encode
External Network/Server-Level Penetration Testing
In general, the objective of a penetration testing is to analyse external firewalls, Internet routers, other networked systems and services visible from the Internet at large. Our aim is to ascertain security configuration through empirical methods in order to assess the level of susceptibility of the client to Internet-initiated attacks. This is accomplished by performing a controlled and managed simulation of an actual attack/intrusion attempt against the servers supporting the Internet-provided business services. The attack simulation tests the various infrastructure components against all possible attack scenarios, taking into consideration different levels of potential external attackers and resources available to them. This risk-based approach provides our clients with results relevant to their business, by identifying real-world threats and risks jeopardising their business.
The objective of the proposed exercise is to analyse the security of external firewalls, Internet routers, and other networked systems visible from the Internet at large, in order to provide the Client with the assurance required that all possible pathways of intrusion have been checked.
Web Application-Level Penetration Testing
As far as web application-level security testing is concerned, this will be an integral part of the external penetration test, as it is the only effective way to reveal possible omissions and weakness that could jeopardise an otherwise secure underlying server. Although most security breaches traditionally occur at the network or server level of corporate systems, potential intruders are now manipulating web applications inside the corporate firewall, enabling them to access corporate and customer data. Given even a minor misconfiguration in a company's web-application code, an experienced intruder, armed only with a web browser and a little determination, can break into most commercial websites.
Encode's objective is to analyse the security of the corresponding web-based applications, along with the underlying infrastructure components by performing an "Basic/Front-end" application security test for Informational Web sites and a full-blown Web Application Penetration Testing of the Web applications in scope.
Extrusion Testing
"Encode Extrusion Testing ™" has as its main objective to close the gap that both network and application penetration testing services leave behind. Extrusion testing puts the organization's web access/content security, endpoint security and information leak prevention mechanisms, as well as intrusion detection/prevention capabilities to the test against targeted, Internet-initiated "extrusion attacks". This is accomplished by using a combination of e-footprinting and e-social engineering techniques, along with mobile code attacks and state of the art Remote Access tool (RAT) technology.
