Security assessment and penetration testing

Implement the complete and comprehensive process of security assessment and penetration testing, identify all vulnerabilities and threats and provide solutions to problems and security enhancements

How does it work?

Tools and solutions are used to provide security to an organization are interconnected and if only one of them is vulnerable, the entire chain is threatened. Therefore, after implementation and deployment of all stages of security, it is necessary to consider deploying security assessments and penetration tests for the identification of vulnerabilities as well as their solutions. Mohaymen’s security group through its many years of experience in security assessment and risk analysis in various organizations and systems, has been implementing a comprehensive process of security assessment and testing. This process involves examining computer networks, communication networks, OS or Web-based software, hardware, communication protocols and encryption to identify all possible vulnerabilities and threats. Furthermore, Mohaymen’s security group provide security solutions for identified weaknesses in security strategies as well as providing solutions for enhancing security.

 

Phase I: Black Box Test

  • Collect information
  • Automatic and manual security scan
  • Penetration
  • Present report

 

Phase II: White Box Test

  • Modeling threats and systems
  • Check Front End and Back End
  • Examination of how data is transmitted
  • Check for client side vulnerabilities
  • Risk assessment based on the NIST SP 800-30 standard

 

Phase III: Penetration Test for Data Center

  • Network architecture assessment
  • Check the configuration of firewalls and other hardware
  • Simulation of attacks
  • Sniff sensitive network nodes
  • Testing current operating systems and systems
  • Examining passwords encryption

 

Phase IV: Immunization

  • Modify and improve network architecture
  • Configure secure access control lists and firewall rules
  • Install operating system patches and related services
  • Apply security policies to choosing passwords
  • Troubleshoot possible security problems found in the software
  • Provide periodic tests for network security, operating systems, services and software applications
  • Install security software and tools to increase the security of the data center