Practical testing of system and network security
Penetration testing is a practical test of IT system security. The test involves a controlled attack on the IT infrastructure. The customer receives a realistic assessment of the infrastructure security status, indicating the vulnerabilities that can be used to compromise the security.
This service provides the Customer with knowledge about the level of system security, including the analysis of detected security vulnerabilities. The knowledge and experience of our experts allow us to formulate precise technical recommendations that allow us to eliminate threats and optimize the costs of implementing security measures.
The service addresses the requirements of the GDPR or The Directive on security of network and information systems (NIS Directive), ISO/IEC 27001 and ISO/IEC 20000.
The penetration test consists of five stages, during which BLUEsec experts:
- determine the vector of attack,
- indicate the methods of conducting the audit,
- develop a dedicated test scenario and checklist,
- perform automatic and manual tests,
- will carry out the analysis of the collected data,
- will prepare a precise report.
What types of tests can be performed?
- black box – with zero knowledge of the system, it reflects the real knowledge of the potential attacker and the course of the attack itself to the greatest extent,
- gray box – a compromise between black box and white box, containing elements of both approaches, e.g. using user accounts with different permissions,
- white box – with full knowledge of the tested system, with full access to the project documentation, source code, the configuration of network devices, etc.
Which test is relevant for your organisation?
The safety of industrial automation systems is a key element to ensure the continuity of the organization's operations.
Tests are designed to verify the actual resistance of industrial infrastructure to attacks from both outside and inside the organization. Whole industrial networks, as well as single devices or controllers, can be tested in this area.
As a result of the tests, the Client receives information on security vulnerabilities that can be exploited by the attacker. The report also indicates methods to remedy threats, whose main goal is to maintain the full functionality of industrial networks and devices.
Application testing is designed to identify security vulnerabilities in applications used by the Organization.
- mobile applications,
- Web applications,
- client-server applications.
Security of Key/Digital Services is "achieving an appropriate level of security of information systems used to provide services and ensure incident handling". (quotation from Article 3 of the Act).
Penetration tests carried out as part of the critical infrastructure test are aimed at evaluating the security level of individual systems used to provide key or digital services.
What can your organization gain from penetration testing?
Knowledge of system or infrastructure security
Identification and analysis of detected security vulnerabilities
Proven methodology, developed on the basis of recognised OSSTMM, NIST and ISAAF methodologies
Report contains technical recommendations to eliminate risks
Knowledge and experience of experts confirmed by certificates
Optimization of infrastructure/application securing costs
What distinguishes BLUEsec experts?
- We are a young and dynamic team
- Our knowledge is confirmed by international certificates
- We conducted tests of IT environments, OT, critical infrastructure, Web and mobile applications.
- We have a great experience in performing security tests
- We have been trusted by both state and private organisations