Applicative/infrastructure penetration tests

Effective Penetration Testing:

Scope:

When conducting effective penetration testing, the attack focuses on the application level itself. This includes specific applications and software tools.

Weakness Identification:

Information security experts attempt to identify and exploit weaknesses in the code of the application. This may involve weaknesses in code processes, user input handling, and the management of the application's internal platform.

Common Attack Checks:

Testing resilience against known issues and common attacks like SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and others.

Authentication and Authorization Testing:

Checking the actions that can be performed and the information accessible by users with different permissions in the system.

Infrastructure Penetration Testing:

Scope:

In infrastructure penetration testing, the attack focuses on the infrastructure components – networks, servers, routers, and physical infrastructure required for system operation.

Security Weakness Identification:

Examining access details for infrastructures and defining their security, including checking the level of security installations and regulations in the field.

External Access Testing:

Checking the security of network connection points from the outside, such as firewalls, VPN settings, and other connection points.

Compliance Checks:

Ensuring compliance with accepted standards like ISO 27001 and Cyber Protect 2.0 regulations, and ensuring efficiency in resilience and stability.

Advanced Attack Testing:

Testing the infrastructure's resilience against advanced attacks such as smart cyber-attacks, denial-of-service attacks, and similar threats.

In summary, a reliable and efficient penetration test requires a focus on a combination of effective and infrastructure tests to ensure maximum resilience against potential threats.