

Penetration Testing
Nullforge can verify a high level of security maturity by employing mixed types of attack scenarios with industry-recommended tools to test the effectiveness of your security. The sole objective of this test is to gain access to critical resources.



What is a Penetration Test?

Penetration testing is a process in which our team analyzes, enumerates and exploits all known security vulnerabilities found on your systems or applications. By seeing those vulnerabilities exploited, you will be able to understand the risk and depth of each attack and thus prioritize those risks.

There are two known approaches to performing penetration testing: black-box and white-box. During a black-box engagement, the Nullforge team is given very little information about the target system; it is part of our duty to expand that information and chain attacks in order to achieve the goal of accessing sensitive information such as PII, credit card information and company trade secrets. In contrast, in the white-box approach the testers are provided with a handful of information, making it easier for them to gain access.


How Often Do You Need a Pentest?

With technology rapidly evolving, the frequency of penetration testing on your systems and applications should keep pace with that evolution. Whenever you deploy a new system or application, a penetration test should follow to recheck the security posture of the new deployment. Security testing or penetration testing is not a one-time process, but should be part of the IT life cycle, whether for hardware or software.


Types of Pentest

The type of penetration test heavily depends on the client's needs. Nullforge offers the following types of penetration tests.

Wireless penetration test - Wireless access points and hotspots are everywhere, from malls, restaurants and coffee shops to your own company. As wireless technology has gained popularity, that popularity has also exposed many of its vulnerabilities. The wireless penetration test will help you identify the security vulnerabilities that an attacker can exploit to gain access to your internal network.

Web application penetration test - A web application is your basic presence in the cloud, and it is also the most vulnerable, as it is publicly exposed to thousands of attackers. Performing a web application penetration test will identify all attack vectors tied to the application, whether a bug in the web application or in the web server itself.

Mobile application penetration test - Having a computer in your palm was revolutionary. To date, there have been 30 billion mobile app downloads in iOS upstream and 15 billion downloads in the Google Play Store. But did you know that these mobile applications are sweet spots for attackers due to their lack of security? With a mobile application penetration test, your chances of exposing your internal infrastructure are minimized.

Network penetration test - Your network is the heart of your company, pumping thousands to millions of pieces of data per second. Once an attacker gets hold of your network, a plethora of disruption is inevitable. The network penetration test provides a fresh set of eyes to identify the threats, risks and attack vectors that attackers would be able to exploit.


Our Approach



Reconnaissance - In this phase, information, data or intelligence is gathered to help guide the assessment actions. The information-gathering process is conducted to gather information about the web application, mobile application and network perimeter belonging to our clients.

Threat Modeling - Threat modeling is a process for optimizing network security by identifying vulnerabilities and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. Threat modeling is used to determine where the most effort should be applied to keep a system secure.

Vulnerability Analysis - Vulnerability analysis is used to identify and evaluate the security risks posed by identified vulnerabilities on the web application, mobile application and network perimeter of our clients. Nullforge Vulnerability Analysis is divided into two steps: Identification and Validation.

Exploitation - Nullforge will attempt to exploit all vulnerabilities found on the web application, mobile application and network perimeter of our clients.

Post Exploitation - In the post-exploitation phase, Nullforge determines the value of the compromised machine. The value of the machine is determined by the sensitivity of the data stored on it and the machine’s usefulness in further compromising any system within the client's network.