Cyber Security Penetration Testing

Penetration testing, also called pen testing, is a cybersecurity exercise in which a security testing expert, called a pen tester, identifies and verifies real-world security flaws–vulnerabilities–by simulating the actions of a skilled cybercriminal determined to gain unauthorized access to an organization’s data, systems, and infrastructure.

Our Process

At Winmill no two penetration tests are the same. We use the Penetration Testing Execution Standard (PTES) as a baseline to customize our services to your specific requirements. The seven stages of penetration testing as defined by PTES are as follows:

Pre-engagement interactions

Define project scope, goals, and rules of engagement.

Intelligence gathering

Perform reconnaissance against a target to gather as much information as possible to be utilized when penetrating the target during the vulnerability assessment and exploitation phases.

Threat modeling

Analysis of business assets, business processes, threat communities, and threat capabilities to identify the organization’s appetite for risk and prioritization of vulnerabilities.

Vulnerability analysis

Discover flaws in systems and applications which can be leveraged by an attacker. Flows can range from host and server misconfiguration to insecure application design.

Exploitation

Focus solely on establishing access to a system or resource by bypassing security restrictions. The main focus is to identify the main entry point into the organization and to identify high value asset targets.

Post-Exploitation

Determine the value of the compromised machine and maintain control of the machine for later use. Identify and document sensitive data, configuration settings, communications channels, and relationships with other network devices that can be used to gain further access to the network.

Reporting

We report the findings of the Penetration Test. The intended audience are those in charge of oversight and strategic vision of the security program, as well as any members of the organization who may be impacted by the identified/confirmed threats.

At Winmill no two penetration tests are the same. We use the Penetration Testing Execution Standard (PTES) as a baseline to customize our services to your specific requirements. The seven stages of penetration testing as defined by PTES are as follows:

Pre-engagement interactions

Define project scope, goals, and rules of engagement.

Intelligence gathering

Perform reconnaissance against a target to gather as much information as possible to be utilized when penetrating the target during the vulnerability assessment and exploitation phases.

Threat modeling

Analysis of business assets, business processes, threat communities, and threat capabilities to identify the organization’s appetite for risk and prioritization of vulnerabilities.

Vulnerability analysis

Discover flaws in systems and applications which can be leveraged by an attacker. Flows can range from host and server misconfiguration to insecure application design.

Exploitation

Focus solely on establishing access to a system or resource by bypassing security restrictions. The main focus is to identify the main entry point into the organization and to identify high value asset targets.

Post-Exploitation

Determine the value of the compromised machine and maintain control of the machine for later use. Identify and document sensitive data, configuration settings, communications channels, and relationships with other network devices that can be used to gain further access to the network.

Reporting

We report the findings of the Penetration Test. The intended audience are those in charge of oversight and strategic vision of the security program, as well as any members of the organization who may be impacted by the identified/confirmed threats.

Services

Web Application Assessments

A Winmill Web Application Penetration Test consists of two phases: a black box penetration test, and an OWASP Top 10 security assessment. Phase 1 assesses how far a skilled attacker can get, without credentials or prior knowledge, towards compromising the application’s Confidentiality, Integrity, and Availability (CIA). This phase consists primarily of manual testing with BurpSuite Pro and open-source tools. Phase 2 is a grey/white box security assessment that starts with a credentialed vulnerability scan using Qualys WAS and open-source scanners and continues with manual testing in all OWASP Top 10 vulnerability categories.

Areas of Focus

Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security misconfiguration
Vulnerable and Outdated Components
Identification and Authentication Methods
Software and Data Integrity Failures
Security Logging and Monitoring Failures
Server-Side Request Forgery

Network Penetration Assessments

Our network penetration assessment attempts to identify exploitable vulnerabilities in networks and network devices, servers, and DNS. Our assessment uses tools and manual processes to reveal open ports and running services. We assess the integrity of firewalls, switches, routers and load balancers, and discover misconfigured proxy servers, FTP servers, and TLS/SSL configurations.

We Assess

Firewalls & switches
Routers & load balancers
Proxy servers & FTP servers
TLS/SSL configurations

Mobile Assessments

Our iOS and Android application mobile assessment evaluates your mobile application against the OWASP Top 10 Mobile Vulnerabilities. Amongst others, these include improper platform usage, insecure data storage, insecure communication, and insecure authentication. Mobile Assessments are typically performed by jailbreaking an iOS device or rooting an Android device.

We Prevent

Improper platform usage
Insecure data storage
Insecure communication
Insecure authentication

Social Engineering Assessment

Our social engineering assessment imitates real-world attacks to help measure the security posture of your organization and confirm roles and responsibilities used to protect critical business information. This includes Open Source Intelligence (OSINT) gathering, which attempts to reveal organizational information from publicly available data and phishing attacks, where crafted emails are sent to select employees with the intent to convince the user to click a “malicious” link. Based on the results, we can further assist you to design security awareness training.