Services / Penetration Testing
We use a structured approach to penetration testing based on the Open Source Security Testing Methodology Manual (OSSTMM) and the Open Web Application Security Project (OWASP) Testing Guide.
At the conclusion of an engagement we present the client with a detailed report. This report presents the identified security issues in an easily digestible format, with a focus on the risk and impact to the business of a particular vulnerability being realised. ZX Security often works with its clients' pre-defined risk matrix to ensure that likelihood and impact are quantified accurately. Operationally focused technical recommendations are also presented to assist your staff in remediating the issues found.
External Penetration Test
- Ensuring that NZISM guidelines for server hardening have been applied (for Government clients, or those dealing with the Government).
- Determining if all applicable patches have been installed and that antivirus is working and updates scheduled.
- Ensuring any third-party applications installed on the server (e.g. backup agent) have had all applicable security patches installed.
- Reviewing the use of administrative privileges on the server.
- GSM base station emulation – this can be used to intercept and inspect GPRS traffic between a cellular device and the Internet. It can also be used to assess the effectiveness of IMSI catcher catchers.
- GPS emulation – for devices that rely on GPS to triangulate their location or synchronise time, we can test what happens when time rolls backwards or the GPS location is changed.
- Google Cloud
- Amazon AWS
- Microsoft Azure