Penetration Test And Analysis Services
An audit service that aims to discover potential security vulnerabilities in Internet accessible institutional resources (DNS, FTP, email, web, firewall, VPN, teleconferencing, etc.) using various tools and methods with different user rights and profiles before attackers detect and abuse them. These tests are performed using various commercial and open-source vulnerability scanning tools capable of testing the technology used, software developed by our experts, and manual checks that reflect the experience of the tester mainly. Each penetration tester develops these tests based on the test methodology developed by Cyberwise and kept up to date.
These are penetration tests conducted through the internal network of the organization with different user profiles and access points to identify configuration errors and security problems in the systems, applications, and infrastructure used by the organization. These tests primarily examine active directories, databases, virtualization systems, voice infrastructure, clients, and special infrastructures that can be used according to the organization's field of operation. These tests are performed using various commercial and open-source vulnerability scanning tools capable of testing the technology used, software developed by our experts, and manual checks that reflect the experience of the tester mainly. Each penetration tester performs these tests based on the test methodology developed by Cyberwise experts and continuously updated.
Web applications need to be evaluated using more advanced methods compared to other network applications due to their complex structures, the variety and variability of applications that can be used. The main purpose of web application security testing is to check application problems based on different user rights using OWASP as a reference according to the methodology developed by Cyberwise experts and to identify vulnerabilities. These studies address numerous points, such as application problems and vulnerabilities, the platform the application runs on, the technology it uses, its performance, and logical flaws that may arise in the functions designed to be fulfilled.
Penetration testing is conducted to uncover vulnerabilities that may exist in applications designed to work on mobile devices, regardless of the manufacturer and technology. In these studies, both the client-side and the applications that communicate with mobile clients in the background are checked with different user rights and profiles. All elements that pose a risk are identified based on the test methodology continuously updated by Cyberwise experts.
These are tests carried out with the aim of measuring the effectiveness of the environmental security measures and monitoring systems used by the organization, determining whether the organization's security teams act in accordance with the designed processes, and observing how actions are taken in the event of an attack. In these tests, various attack vectors are attempted to reach the set target by acting like an attacker. For this purpose, activities such as OSINT research, special hardware and malware preparation, vulnerability exploitation are carried out within a planned time frame.
DoS/DDoS testing is performed to see how corporate systems behave under different attack scenarios that aim to disrupt the services and to identify possible configuration errors by measuring the effectiveness of the existing measures. Controlled DoS/DDoS attacks can be performed on the network and application layers using an infrastructure that allows techniques that must be applied in these tests, such as IP spoofing. In addition, application layer attacks can be sent to target systems using 1000 different IP addresses, and botnet simulation can be performed.
Applications should not only be secure but also perform efficiently. Web application load testing is conducted to measure the performance of applications. These tests aim to observe how applications behave under different scenarios and user loads, and determine the maximum and optimum performance values that the existing infrastructure can handle. As a result, by gathering information from the tested points and the system or application where the test is performed, the service contributes to taking performance-enhancing measures. It identifies performance bottlenecks in the application and provides improvement suggestions. This service can be provided by Cyberwise using their in-house developed testing software either through the cloud or the Cyberwise infrastructure.
The wireless network infrastructure, components, clients, and systems used by an organization are examined for configuration errors and vulnerabilities they may possess. Tests are conducted from within or outside the organization's network to assess activities such as penetrating the organization's wireless network, transitioning from a guest network to other networks, gathering information from employees through rogue networks, and verifying the configuration of the wireless network management system.
Social engineering tests are conducted to identify vulnerabilities arising from employees and processes within the organization. Even the most comprehensive security systems can be insufficient in the face of user errors. Social engineering tests measure the security awareness level of employees and expose human vulnerabilities. These tests involve using various methods to persuade individuals to disclose information or engage in actions that pose security risks. Attacks are launched through email, phone, or specially prepared hardware to convince the user, and the general awareness level is determined. Following such attacks, individuals may be directed to awareness training provided by Cyberwise to further enhance their knowledge and understanding of security.
It refers to the process of assessing and identifying potential security issues in ORACLE, MSSQL, MySQL, IBMDB2, POSTGRESQL database systems from the perspective of authorized users within an organization.
Segmentation testing involves analyzing and testing logical differentiations and network segments implemented on firewall systems or similar systems to ensure compliance with international standards such as PCI. These analysis and testing activities include remote tests, configuration audits, and checks to determine if there are any problems or rules that may disrupt segmentation controls or the intended security mechanisms.
This service involves the examination of applications developed in JAVA, C#, C++, and PHP languages using static code analysis methods by specialized personnel to ensure secure software development. Commercially licensed software tools are used for these assessments, and the output is carefully analyzed to identify any issues or vulnerabilities within the code, which are then reported.
Malware analysis service focuses on analyzing malicious software specifically targeting an organization. The analysis aims to provide information on how the malware operates, which systems it communicates with, its structure, propagation methods used, its main purpose, and recommendations on how to remove the malware from affected systems.
Errors or omissions made during the creation of firewall rules can lead to unintended connections to protected systems. As the number of rules and firewall administrators increases, the potential for mistakes and risks also increases. Another common problem is the failure to modify rules that have been in place for a long time. These rules are often left unchanged due to concerns about potential connectivity issues if they are removed, but they can introduce security risks. Firewall rule analysis aims to identify the risks associated with the rules in place on the organization's firewall systems.
These are tests conducted to assess the effectiveness of Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Using tools developed by Cyberwise experts, these tests simulate attacks that target vulnerabilities that the protected systems may be susceptible to. The tests determine which attacks are successfully mitigated by the WAF and IPS systems. By analyzing the results, configuration errors and deficiencies in the surrounding security measures can be identified. Solutions can then be developed to address the identified issues and enhance the overall effectiveness of the existing system.
SIEM (Security Information and Event Management) software is one of the most important applications used for security monitoring purposes. Its effectiveness relies on various factors such as accurate and timely detection of security incidents, proper selection of log sources, quality of rules created for generating alarms, and the ability to perform accurate correlation. In this service, tests are conducted based on commonly used attack methods and attack techniques in the MITRE ATT&CK framework to determine which ones trigger alarms, check for incorrect, missing, or duplicate rules. The simulations performed provide the SIEM system and the monitoring team with capabilities such as prioritizing events, increasing attack visibility, and better analyzing attacker behavior to take appropriate actions.
These are services conducted to measure the quality of security monitoring services operated or obtained by the organization and their adherence to defined processes. Technical attacks are performed to assess the competence of the monitoring team and the technology used, while tabletop exercises measure how the elements involved in the process behave, make decisions, and respond in different situations.
These services aim to uncover all the details related to an incident, such as how it occurred, the methods used, the systems it communicated with, its potential spread, the vulnerabilities that led to the incident, and how they can be mitigated. The goal is to uncover these details along with the timeline of events.
This encompasses end-to-end security analyses for all components within Internet of Things (IoT) infrastructures. Penetration testing in this area involves security analyses of hardware, firmware, communication protocols, cloud systems, web/API services used, and security analyses of web/mobile applications specific to the IoT infrastructure, considering specific scenarios related to the IoT infrastructure.