Vulnerability assessment and penetration testing of websites, networks, software, systems, API interfaces
Vulnerability testing, penetration testing, pentest, website security testing service
With our vulnerability assessment and penetration testing service, we expose vulnerabilities that can be exploited by attackers to take control of our customers' networks, systems and software, either manually or automatically.
Contact our ethical hacking colleagues via the Quotation button and ask for information about the threats to the systems you operate!
The purpose of vulnerability testing
The purpose of a vulnerability assessment is to identify and then remediate vulnerabilities and potential threats to the systems operated and defined by the Organizations, thereby reducing the likelihood of a compromise or data leak.
The most common vulnerability types
Although the vulnerabilities we have identified fall into an extremely wide range of types (e.g. OWASP Top 10), we have identified three main groups of vulnerabilities that are reported in almost every audit, even for information systems audited annually due to changes in operation and development.
Configuration gaps
When operating servers, configuration settings can be applied that reduce the security of the system and the data it handles. These are typically only discovered during investigations because operators are unaware of the potential for attack.
Development flaws
If the Organization uses and/or produces custom-developed software that is not commercially available or security-certified, the software may contain vulnerabilities that compromise the security and availability of the system and the data it manages.
Manufacturer vulnerabilities
High and critical risk vulnerabilities are periodically found in all software in circulation, and patching them can often be delayed by update cycles, leaving the system and the data it manages under severe threat.
Why is regular monitoring important?
Increased exposure to attacks
Over the past few years, the number of attacks on websites, online services and network infrastructures has multiplied. Attackers now have the tools to carry out attacks en masse and in an automated fashion, without the need to select potential victims, so a small business of a few people is as much a target as a multinational corporation.
Complying with the law
In addition, ensuring data protection is important not only to protect reputation, but also to comply with the law. Data controllers and operators must take responsibility for the protection of personal data. In the event of a cybersecurity incident, failures in protection measures will be investigated and sanctioned by the authorities - which will be treated as an even more serious breach under the General Data Protection Regulation (GDPR), which will be introduced in 2018.
Evolving, vulnerable software
A system becomes vulnerable after a while even if developers don't change anything. On the operator side, there is a "what works, we don't touch" attitude, so neither the running systems nor the frameworks are updated. This in turn means that newly discovered vulnerabilities will not be fixed either. For this reason, a one-off scan is not sufficient, and the operation should be repeated at least annually, or in the event of a major change.
General types of vulnerability testing
Black-box vulnerability testing
The essence of black-box testing is that we do not use any internal operator or developer information (platform, framework, etc.); we use only the options available to an external, remote attacker: publicly available interfaces, registration options and forms, test pages left behind, and information intended for internal use that has been indexed by search engines.
Gray-box vulnerability testing
In gray-box testing, we use client-side and admin-side information (client, registered user, administrator, etc.), technical details and documentation, so we have full access to the interfaces of the system under test, taking into account the client's restrictions and criteria.
White-box vulnerability testing
White-box scanning uses not only client-side (client, registered user, etc.) information, but also a detailed description of the Client's system, including the running infrastructure, frameworks used, source code and configuration files. With this knowledge, our experts can prevent an internal compromise attempt.
Penetration test or vulnerability test?
Penetration test (pentest) service
In some cases, it is also necessary to validate vulnerabilities discovered in a vulnerability scan to see which vulnerabilities can be exploited by which methods. This will greatly assist in the planning of the patching process and the implementation of patches.
| | Vulnerability assessment | Penetration test |
|---|---|---|
| Vulnerability… | identification | identification + exploitation |
| Network direction | external / internal network | external / internal network |
| Strategy | black‑ / gray‑ / white‑box | black‑ / gray‑ / white‑box |
The essential difference between vulnerability testing and penetration testing is that while the former stops at the identification of vulnerabilities, the latter includes the practical testing and validation of the vulnerabilities discovered, the aim of which is to allow the tester to get as deep as possible into the system or network and reach a higher level of authorization.
The penetration test is performed under strict supervision of the Client, so that the availability of the tested servers and the confidentiality and integrity of the data on them are not compromised under any circumstances.
Other vulnerability testing services
Simplified (WordPress, Joomla, Drupal, PrestaShop, etc.) vulnerability scanning
Rapid Vulnerability Assessment, Rapid Penetration Test
In a number of areas, we may encounter security-critical infrastructures that are under continuous development and change, where a full vulnerability assessment performed annually is not sufficient, but the changes do not justify more frequent full vulnerability assessments by the operating and/or development organization.
In these cases, a simplified vulnerability assessment (Rapid Vulnerability Assessment, Rapid Penetration Test), which is performed quarterly (or more frequently) and focuses only on the potential negative security impact of changes to the system, may be useful.
System-level vulnerability assessment, operating system audit
In a system vulnerability audit, we perform the audit on the operating system itself, covering all technical parameters and operational steps that may affect the security of the target from a cyber defence perspective.
Red Teaming, Threat Led Penetration Testing (TLPT) service
With our Red Teaming service, you can test your organization's detection and response capabilities, as this attack strategy is much more sophisticated and cautious than what defensive solutions would clearly treat as an attack.
The so-called Advanced Persistent Threat attack series is a series of attacks that attempt to penetrate and obtain evidence from the infrastructure under test over a larger time window, primarily through manual, non-offensive means.
Investigations can highlight attack vectors that are not yet detected, identified and properly addressed by the defensive solutions and procedures in place within the organization.
Cloud (AWS, Azure) vulnerability and penetration testing
Amazon Web Services (AWS), Microsoft Azure vulnerability assessment, penetration test
The process of testing services hosted in the cloud is somewhat different from traditional vulnerability assessments and penetration testing, so we have a dedicated strategy and tools to prepare for when our customers run their development in Amazon Web Services or Microsoft Azure.
Identifying backdoors to a compromised website or system
A server that has previously been the victim of a cyber attack, and has been patched after the incident, may still contain a backdoor that could allow attackers to regain access to the system. By scanning the source code and library structures, we identify this malicious code in order to completely exclude the perpetrators from the system.
Report review
Since no vulnerability assessment software currently on the market achieves low false-positive and false-negative rates in more complex environments, our customers may require interpretation and review of the reports produced by their in-house scanners.
Internal vulnerability scanning as a service
With Makay Cybersecurity Ltd's proprietary SEC (Scanner + Evidence Collector) vulnerability scanning framework, Organisations can keep their internal network infrastructure under control with automated scans that are far more detailed than those of market scanners. Our experts analyse the results and then compile recommendations for the necessary actions.
Process of vulnerability assessment
Preparation
Planning
Testing
Reporting
Post-testing
Consultation: During the free consultation (in person, email, Signal, WhatsApp, Telegram) the type of test(s), scope, time interval and price will be determined.
Contract: The scope of the selected test(s), the time interval of the test(s) and the price will be specified in the contract of engagement. A confidentiality and non-threat declaration will guarantee the security of the data and results, and the Client agrees to the operation by means of a legal declaration.
Strategy planning: We plan the test strategy based on the functionality of the servers and other network points within the scope defined by the Client.
Mapping: Before starting the scan, we map the servers in scope and their open ports so as not to unnecessarily load the running infrastructure and hinder availability.
Scan: We will perform the scan on selected servers using automated and manual tools, using the methods specified in the contract.
Exploitation testing: The Client may allow the validation (exploitation under controlled conditions) of discovered vulnerabilities, which will give a more comprehensive picture of their true severity.
Report: In a detailed management and expert report (in Hungarian and/or English), we explain the type, exploitability and exact location of the vulnerabilities discovered, supplemented by log files generated during the investigation, which verify the circumstances of our work.
Recommendations for repairs: If there are any vulnerabilities in the inspection report that require further consultation to repair, we will supplement the Client's repair plan with a joint agreement.
Remediation inspection: After the vulnerabilities discovered have been repaired, we will verify the success of the repairs.
Final Report and Consultation: The results of the remediation investigation will be presented in detail to the Client in the form of the baseline report, and if further consultation is required, we will jointly develop the next steps.
Methodologies and recommendations for remediation investigations
Scans performed by Makay Cybersecurity Ltd. professionals may be conducted in accordance with or based on the following methodologies and recommendations:
- Web Security Testing Guide – OWASP WSTG
- Mobile Security Testing Guide – OWASP MSTG
- Application Security Verification Standard – OWASP ASVS
- Mobile Application Security Verification Standard – OWASP MASVS
- The Penetration Testing Execution Standard – PTES
- CIS Benchmarks – CIS
- Open Source Security Testing Methodology Manual – OSSTMM
- Information Systems Security Assessment Framework – ISSAF
- B.A.S.E – A Security Assessment Methodology – SANS
- Technical Guide to Information Security Testing and Assessment (SP800-115) – NIST
- Penetration Testing Guidance – PCI DSS
- The Vulnerability Assessment & Mitigation Methodology – RAND
- Penetration Test Guidance – FedRAMP
- MSZ ISO/IEC 15408 – Magyar Szabványügyi Testület
Ethical hacking and other cybersecurity certifications
- Certified Ethical Hacker (CEH)
- Offensive Security Certified Professional (OSCP)
- Pentester Academy Certified Red Team Expert (CRTE)
- Certified Red Team Operator (CRTO)
- Web Application Penetration Tester eXtreme (eWPTXv2)
- Wireshark Certified Network Analyst (WCNA)
The tools used in the vulnerability assessment
The vulnerability scanning and penetration testing we provide does not just consist of running one of the major scanners (Nessus, Nexpose, Acunetix, Burp Suite Professional, etc.). Our scans use the most advanced mapping, analytical, investigative and intrusive targeting tools, as well as proprietary solutions - the results of which are used to produce revised, detailed reports that are understandable to the layperson.
Every step of the scan is logged by a network monitor, making the details of our activity transparent, proving that any downtime that may occur during the scan is independent of us.
Security certification for software, systems and services
In this day and age, with a high-profile cybersecurity scandal every week, keeping customer data verifiably secure is a matter of prestige for a company and should be communicated to customers. With the following logo, which attests to a vulnerability assessment and/or penetration test by Makay Cybersecurity Ltd. based on the OWASP Application Security Verification Standard, Mobile Application Security Verification Standard, Web Security Testing Guide or Mobile Security Testing Guide, companies can demonstrate that they pay serious attention to the security of their software products.
On completion of the test, our experts will automatically offer you the opportunity to display the badge; more details are available on this page.
Quote for a Vulnerability Assessment Service
Contact our ethical hacking colleagues via the Quotation button and request a quote for assessing the threats to the systems you operate!
Automated vulnerability scanning software
Acunetix, Metasploit, Nexpose, Burp Suite, IBM AppScan, Rapid7 AppSpider, Fortify WebInspect, Netsparker
Attention! Vulnerability scanning software is not a substitute for a full-fledged scan performed by Makay Cybersecurity Ltd. experts and their exclusive use does not meet the internal vulnerability scanning controls of various requirements (ISO27001, NIST SP 800-53, OWASP WSTG, PCI-DSS, etc.).
Since no vulnerability testing software currently on the market achieves low false-positive and false-negative rates in more complex environments, our customers may require interpretation and review of the reports produced by their in-house scanners.