Penetration Testing

Xanthus Security offers various types of penetration testing:

Our technical team have the skills, the knowledge, and the ability to test your software or hardware systems for any security vulnerabilities it may have encountered.

What Type of Penetration Test Do You Need?

Network Service Tests

Our Network Service Tests aim to discover the vulnerabilities and gaps in your network infrastructure. The network may have internal and external access points therefore test should be run locally at your site as well as remotely from our offices.

During the penetration testing, our expert testers will target the following network areas:

Web Application Tests

Web application tests are more intense and detailed. Here our expert testers pen test web applications, browsers, and browser components such as ActiveX, Applets, Plug-ins and Scriplets. A web application test examines end points of each web app that a user may interact with daily.

Client-Side Tests

Client-Side Tests identify security threats. Software applications and programs such as Putty, Git clients, Sniffers, browsers (Firefox, Chrome, Safari, IE) may have flaws where a hacker can easily manipulate. Commercial off-the-shelf (COTS) applications are also often found vulnerable if flawed.

Locally developed tools are also included in these tests. Using uncertified OSS to develop homemade applications may also cause security threats.

Wireless Network Tests

Wireless Network Tests analyze wireless devices such as tablets, laptops, notebooks, iPods, smartphones, etc. Our certified trained professionals will test protocols used for configuring wireless, and access points for wireless setup.

Social Engineering Tests

Social Engineering Tests verify the Human Network of an organization.

Xanthus Security will inform the appropriate people before we conduct a social engineering penetration test.

Our expert testers will run remote tests to trick an employee to compromise confidential data such as via phishing email campaigns.

Our expert testers will also run physical tests which require direct contact with the employee to get sensitive information. This can involve Intimidation, Imitation, Dumpster Diving or a phone call.

Penetration Testing as a Service

Xanthus Security also provides penetration testing as a service, either on a continuous basis, or a periodic basis.

With the penetration testing service, our trained certified professionals will deliver:

Penetration Testing Phases

Information Gathering

The first stage of penetration testing is to gather information from the organization being tested. This will provide the tester with information about targets.

Reconnaissance

Our certified trained professionals then use the gathered information to collect more details to better attack the target. The reconnaissance stage is critical for accurate security testing. Here, the pentesters can find further information that may not have been provided or may have been overlooked or unknown.

Discovery and Scanning

In this stage, we use the gathered information to perform discovery activities to detect ports and services that were accessible for targeted hosts, web applications or subdomains.

Vulnerability Assessment

We conduct a vulnerability assessment to gain knowledge and determine potential security vulnerabilities that would allow an attacker to gain access to the area being tested.

Exploitation

Once our certified trained professionals interpret the vulnerability assessment results, they use their intuition and manual techniques to confirm, attack and manipulate those vulnerabilities.

Final Analysis and Review

The experts at Xanthus Security provide a comprehensive report that includes the steps that were taken to find the vulnerabilities, and how we manipulated them. Also included in the report is the scope of the security testing, the testing techniques, findings, and recommendation for improvements.

Utilize the Testing Results

This last stage of penetration testing is very important. The organization being tested must utilize the security testing results to determine remediation strategies.