Infrastructure Pentesting

Infrastructure Pentesting

External, internet visible IT systems are attacked daily. It is therefore often required to test these systems periodically or when significant changes are applied. Usually, vulnerability scans are the basis for such assessments, while manual verification of all findings and risk ratings are performed. However, it is equally possible to perform such assessments on internal networks, and also on very specific parts of the infrastructure (such as the e-mail infrastructure or VPN infrastructure).

Secura uses automated scanners such as ‘nmap’ and Nessus to identify active hosts and services within the given scope. Specialised tools will then be run to identify services (a process called ‘fingerprinting’), such as for FTP-servers, SSH-servers, SIP-servers or database servers. After ‘fingerprinting’, specific vulnerability scanners for the identified service will be used. The output of these scanners will be validated and ‘false positives’ will be removed so that our reports are accurate. If and when relevant, we will utilize fuzzing techniques to identify vulnerabilities that might lead to unauthorized access.

If we identify web servers, we will also scan these with specific web-application vulnerability scanners. If time permits, we will also test the publicly accessible parts of the web applications for security issues.

In case we find vulnerabilities for which exploits are available, Secura can apply these against the target systems to verify the existence of the vulnerability, if agreed upon beforehand. To do so, Secura uses tools as well as manual penetration testing techniques. Depending on the situation, this can lead to complete control of the system. Secura will only execute these attacks after discussing this with the customer and when both parties decide that the risks are acceptable. Secura follows standard pentest methodologies such as PTES and OSSTMM for an infrastructure assessment.

I'd like to know more about Infrastructure Pentesting

USP

Related Services

CLOUD Pentesting

Pentest services

A Cloud penetration test (or pentest) assesses the strong and weak points in cloud-based systems to improve the overall cloud security level.

Wi-Fi Pentesting

Pentest services

Wireless technology remains a weak spot in many infrastructures. A Wi-Fi penetration test, or pentest, will reveal wireless weak points, exploit the vulnerabilities and provide clear advice on how to mitigate the risks to an acceptable level.

Industrial Vulnerability Assessment / Pentest

Pentest services

Within industrial environments, cybersecurity testing requires a specialized approach. This is mainly due to the different risks and threat models within Operational Technology (OT).

Why choose Secura | Bureau Veritas

At Secura/Bureau Veritas, we are dedicated to being your trusted partner in cybersecurity. We go beyond quick fixes and isolated services. Our integrated approach makes sure that every aspect of your company or organization is cyber resilient, from your technology to your processes and your people.

Secura is the cybersecurity division of Bureau Veritas, specialized in testing, inspection and certification. Bureau Veritas was founded in 1828, has over 80.000 employees and is active in 140 countries.