A penetration test could focus exclusively on your web applications. This could be done at various levels:
Black-box testing: Here, we only know the URL of the website. Enumeration of technologies, mapping of the website, identification of fault injection points, determining input validation vulnerabilities or logical security vulnerabilities, and the OWASP Top 10 attacks are all part of this exercise.
Grey-box testing: Often enough, a web application involves authentication and authorization components. To test these, we request a dummy user account with the lowest level of privileges within the application. Using this account, we log in and test for various flaws in the authentication scheme, and attempt to escalate our privileges and bypass authorization restrictions.
Read our list of advisories here.
This type of penetration test involves identifying the targets through Google searches, WHOIS, DNS queries, etc., then fingerprinting them and identifying vulnerabilities. Whether these vulnerabilities are exploited depends on whether exploitation is part of the engagement. Limited exploitation, in terms of password guessing, directory traversals, file uploads, etc., is always done. However, stronger exploitation, such as Denial of Service attacks, Buffer Overflow exploits, etc., is carried out only if the possible fallout from such exploitation is accepted prior to the engagement.
Automated port identification
In large and very large networks, the number of public IP addresses and the ports exposed on these IP addresses can vary on a daily basis. What is required is an automated way to periodically scan a large range of IP addresses, determine which ports are open, and attempt to identify the service running on those ports. Even more important is producing trend analysis reports, which show new IP addresses or new ports that have appeared since the last scan was run. NII offers a secure portal to its customers, where they can log in, enter their ranges, run the scans, view the reports and compare them with previous scans.
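The comparison between two scan runs described above can be sketched as follows. This is an added example, not NII's portal code; it assumes the scans are saved in Nmap's grepable (-oG) output format, and the sample data and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample scans (Nmap -oG style); addresses are from the
# RFC 5737 documentation range, not real hosts.
PREVIOUS_SCAN = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\n"
    "Host: 192.0.2.11 ()\tPorts: 25/open/tcp//smtp///\n"
)
CURRENT_SCAN = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, "
    "3389/open/tcp//ms-wbt-server///\n"
    "Host: 192.0.2.11 ()\tPorts: 25/filtered/tcp//smtp///\n"
    "Host: 192.0.2.44 ()\tPorts: 8080/open/tcp//http-proxy///\n"
)

def parse_open_ports(grepable):
    """Return {ip: {(port, proto): service}} for ports in state 'open'."""
    hosts = defaultdict(dict)
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines, status-only lines, etc.
        ip, ports = m.groups()
        for entry in ports.split(","):
            # Field order: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                hosts[ip][(int(fields[0]), fields[2])] = fields[4] or "unknown"
    return dict(hosts)

def diff_scans(previous, current):
    """List hosts and ports that appeared or disappeared between two scans."""
    report = {"new_hosts": [], "new_ports": [], "closed_ports": []}
    all_ips = sorted(previous.keys() | current.keys(), key=ipaddress.ip_address)
    for ip in all_ips:
        old, new = previous.get(ip, {}), current.get(ip, {})
        if new and not old:
            report["new_hosts"].append(ip)
        for port, proto in sorted(new.keys() - old.keys()):
            report["new_ports"].append((ip, port, proto, new[(port, proto)]))
        for port, proto in sorted(old.keys() - new.keys()):
            report["closed_ports"].append((ip, port, proto, old[(port, proto)]))
    return report

if __name__ == "__main__":
    result = diff_scans(parse_open_ports(PREVIOUS_SCAN), parse_open_ports(CURRENT_SCAN))
    for category, items in result.items():
        print(category, items)
```

A port that moves from open to filtered, as on 192.0.2.11 in the sample, is reported as closed because only ports in the open state are tracked.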