Practical Penetration Test Training 5

1
ABOUT US

• SECURIUM FOX offers cyber security consultancy
  services with its expert and experienced team. We
  are providing consulting services to prevent
  cyber attacks, data leak and to ensure that our
  customers are ready and safe against cyber
  attacks, with more than 15 years of
  experience.In addition to pentests and
  consulting services, SECURIUM FOX prepares its
  customers and field enthusiasts for real life
  scenarios by providing trainings in the lab
  environment which was prepared by themselves,
  with its young, dynamic and constantly following
  team.Everytime that hackers are in our lives,
  there are always risks that we can face with a
  cyber attack. Over the years cyber security has
  become a critical precaution for all
  organizations and companies after the effects and
  number of attacks. SECURIUM FOX tests the weak
  points of customers for possible attacks and
  provides consulting services to eliminate these
  weak points.SECURIUM FOX team also offers
  support for the development of our country in
  this field by supporting free events being
  organized as a volunteer by the Octosec team.

2

• PENETRATION TESTING AND TRAINING

3
pen test (penetration testing)

• Penetration testing, also called pen testing or
  ethical hacking, is the practice of testing a
  computer system, network or web application to
  find security vulnerabilities that an attacker
  could exploit. Penetration testing can be
  automated with software applications or performed
  manually. Either way, the process involves
  gathering information about the target before the
  test, identifying possible entry points,
  attempting to break in -- either virtually or for
  real -- and reporting back the findings.
• The main objective of penetration testing is to
  identify security weaknesses. Penetration testing
  can also be used to test an organization's
  security policy, its adherence to compliance
  requirements, its employees' security awareness
  and the organization's ability to identify and
  respond to security incidents.
• Typically, the information about security
  weaknesses that are identified or exploited
  through pen testing is aggregated and provided to
  the organization's IT and network system
  managers, enabling them to make strategic
  decisions and prioritize remediation efforts.
• Penetration tests are also sometimes called white
  hat attacks because in a pen test, the good guys
  are attempting to break in.

4
Purpose of penetration testing

• The primary goal of a pen test is to identify
  weak spots in an organization's security posture,
  as well as measure the compliance of its security
  policy, test the staff's awareness of security
  issues and determine whether -- and how -- the
  organization would be subject to security
  disasters.
• A penetration test can also highlight weaknesses
  in a company's security policies. For instance,
  although a security policy focuses on preventing
  and detecting an attack on an enterprise's
  systems, that policy may not include a process to
  expel a hacker.

5

• The reports generated by a penetration test
  provide the feedback needed for an organization
  to prioritize the investments it plans to make in
  its security. These reports can also help
  application developers create more secure apps.
  If developers understand how hackers broke into
  the applications they helped develop, the
  intention is to motivate developers to enhance
  their education around security so they won't
  make the same or similar errors in the future.

6
How often you should perform penetration testing

• Organizations should perform pen testing
  regularly -- ideally, once a year -- to ensure
  more consistent network security and IT
  management. In addition to conducting
  regulatory-mandated analysis and assessments,
  penetration tests may also be run whenever an
  organization
• adds new network infrastructure or applications
• makes significant upgrades or modifications to
  its applications or infrastructure
• establishes offices in new locations
• applies security patches or
• modifies end-user policies.

7

• However, because penetration testing is not
  one-size-fits-all, when a company should engage
  in pen testing also depends on several other
  factors, including
• The size of the company. Companies with a larger
  presence online have more attack vectors and,
  therefore, are more-attractive targets for
  hackers.
• Penetration tests can be costly, so a company
  with a smaller budget might not be able to
  conduct them annually. An organization with a
  smaller budget might only be able to conduct a
  penetration test once every two years while a
  company with a larger budget can do penetration
  testing once a year.
• Regulations and compliance. Organizations in
  certain industries are required by law to perform
  certain security tasks, including pen testing.
• A company whose infrastructure is in the cloud
  might not be allowed to test the cloud provider's
  infrastructure. However, the provider may be
  conducting pen tests itself.
• Penetration testing efforts should be tailored to
  the individual organization as well as the
  industry it operates in and should include
  follow-up and evaluation tasks so that the
  vulnerabilities found in the latest pen test are
  note reported in following tests.

8
Penetration testing tools

• Pen testers often use automated tools to uncover
  standard application vulnerabilities. Penetration
  tools scan code in order to identity malicious
  code in applications that could result in a
  security breach. Pen testing tools examine data
  encryption techniques and can identify hard-coded
  values, such as usernames and passwords, to
  verify security vulnerabilities in the system.
• Penetration testing tools should
• be easy to deploy, configure and use
• scan a system easily
• categorize vulnerabilities based on severity,
  i.e., those that need to be fixed immediately
• be capable of automating the verification of
  vulnerabilities
• re-verify previous exploits and
• generate detailed vulnerability reports and logs.

9
You can always contact with SECURIUM FOX. You can
contact us through our email addresses or by
using the contact form on the side.

• INFO
• 3rd Floor,Lohia Towers,
• Nirmala Convent Rd,
• Gurunanak Nagar,Patamata,Vijyawada,
• Andhra Pradesh -520010
• 9652038194
• 08666678997
• info_at_securiumfoxtechnologies.com

10

• info_at_securiumfoxtechnologies.com
• Andhra Pradesh Office
• 91 8666678997,91 91652038194
• 3rd Floor,Lohia Towers,
• Nirmala Convent Rd,Gurunanak Nagar,Patamata,Vijaya
  wada,
• info_at_securiumfoxtechnologies.com
• UK Office
• 44 2030263164
• Velevate, Kemp House, 152 - 160,City Road,EC1V
  2NX
• London
• info_at_securiumfoxtechnologies.com
• Tamil Nadu Office
• 91 9566884661
• Kailash Nagar, Nagar, Tiruchirappalli, Tamil Nadu
  620019
• info_at_securiumfoxtechnologies.com

• Noida Office
• 91 (120) 4291672, 91 9319918771
• A-25, Block A,
• Second Floor,Sector - 3,
• Noida, India
• info_at_securiumfoxtechnologies.com
• USA Office
• 1 (315)933-3016
• 33 West,17th Street,
• New York,
• NY-10011, USA
• info_at_securiumfoxtechnologies.com
• Dubai Office
• 971 545391952
• Al Ansari Exchange, Ansar Gallery - Karama
  Branch, Hamsah-A Building - 3 A St - Dubai -
  United Arab Emirates