• Deutsch
  • English

Penetration Test

Penetration Tests for All Your Needs

Penetration tests simulate an attack under controlled conditions. They are an important part of a complete security audit, and an essential step to quantifying and verifying the security of your applications. OPTIMA will work with you to structure a penetration test in a way that meets your security needs with minimal disruption to your business.

Discover how you can

  • Comply with requirements such as EU-DPD, PCI, BDSG, HIPAA, BASEL II, SOX, GLBA
  • Gain quantitative knowledge of how secure your network perimeter, applications and wireless are
  • Assure key customers, auditors and management of your organization's security
  • Reduce costs by using a team of industry leaders
  • Select options that will provide ongoing protection and monitoring of your organization's security status.

Obtain the Optimal Penetration Test for your Needs

To ensure that your requirements are covered, we offer a full range of tests including networks, web applications, web services, client-server applications, databases, VOIP installations, WLAN networks, UNIX and windows servers systems.  Here is some information about our most requested test types.  Naturally, we will assist you with more details; simply contact us at no obligation for more information.

Web Application Penetration Tests

Web applications have often proven to be vulnerable attack points and thus a recommended strategy is to perform specialized application penetration tests on web applications at regular intervals. Our application level penetration tests go far deeper than a conventional scanning: we put your applications through an extensive series of tests to verify their integrity. The intensity of the tests is graduated in steps and you are in complete control of the process.  Some typical tests are:

  • Cross site scripting
  • Injection attacks (Code, SQL, LDAP, XML, HTTP Header and others)
  • Implementation weaknesses in various programming languages
  • Configuration weaknesses in frameworks such as Struts, .NET or Spring
  • Cryptography
  • Many more ...

For complete information about our testing methodology and the range of tests possible, please contact us.

Network Penetration Tests

Your servers and workstations are the core of your IT infrastructure and store some of its most important information assets. Perimeter defenses such as firewalls and IDS offer these systems some protection, but no defense is always properly configured or deployed to keep it at maximum strength. Therefore, it is critical, that you proactively test your organization´s ability to detect, prevent and respond to network threats.

Some typical network tests cover:

  • which ports and processes are exposed
  • which perimeter defenses can be compromised or evaded
  • which systems are exposed if perimeter defenses are compromised
  • which services and vulnerabilities pose genuine threats to your network
  • how to achieve escalation of privileges on compromised systems
  • what information could be accessed, altered or stolen
  • the level of vulnerability to denial of service attacks

 
biometrics_frame

Wireless Penetration Tests

Wireless networks are everywhere. They provide difficult to control access into internal corporate networks that attackers can use to mount internal attacks.  A single weakness in a wireless device can compromise an entire internal network. Therefore WLANS should be controlled for security on a regular basis. OPTIMA will support your tests of 802.11 WLAN, ZigBee, 900MHz, 5.8GHz and legacy FHSS networks.

Typical types of tests cover:
  • Location and control of access points
  • Use of channels and SSIDs
  • Ability to access internal network from outside
  • Escalation of privileges
  • Cryptography
  • Vulnerable Services