Penetration tests
Penetration tests are one of the basic ways of protecting IT systems against intruders. Their aim is to identify as many as possible of the vulnerabilities and defects that may threaten the security of the organization's telecommunication and IT infrastructure. The test consists of simulating the actions of an intruder within a specified scope of systems and applications. Individual systems, services and web applications, as well as complex IT environments together with their workstations and network equipment, can undergo penetration tests. Scenarios for simulated intrusions, as required by the Client, may cover passive attempts to break the security measures, obtaining specific data, escalating privileges or penetrating private networks. Intrusion attempts are made from agreed IP addresses of a public or private network, either with zero knowledge of how the system operates or in accordance with an agreed scenario, e.g. the experts know credentials for given resources, the roles within the web applications tested, etc. A significant phase prior to penetration testing is agreeing the scope of the test, so that it reflects the real threat scenarios possible.
It is common practice for IT system providers not to guarantee the security of their systems. The responsibility for properly protecting the application rests with the system recipient. The integrity and complexity of modern systems make it quite difficult to verify their correctness without specialist expertise. What is more, any organization that cares about a proper level of protection for its resources is forced to take comprehensive action, while an intruder usually selects the weakest point in the infrastructure, which in the most extreme cases can be located outside the organization's own infrastructure, e.g. at the hosting company that provides services to the organization. For that reason the company needs to perform periodic testing that simulates the real actions of possible intruders in order to provide a proper level of protection. This makes it possible to identify threats that are invisible from the point of view of the organization itself.
Cooperation with our experts will provide you with knowledge concerning, among others: the security quality of your systems and configurations, the level of employees’ adherence to the guidelines of the organization's security policy, what real threats are introduced by the vulnerabilities found, and how to eliminate them. Our manual testing methodology enables us to identify non-standard problems and provides the highest quality of service, as well as guaranteeing a comprehensive and detailed evaluation of IT threats.
Example course of a penetration test:
- Arrangements concerning the scope of the test.
- Initial reconnaissance.
- Identification of vulnerabilities.
- Attempts to use the vulnerabilities and escalation.
- Technical report with repair instructions.
- Report consultations.
- Final report with a summary for the executive officers.
- Repair actions taken by the organization or the software provider.
- Optional retest.
If you have any questions or require any additional information, please contact our experts.