About Us Products & Solutions Support Alliances / Partners Library Contact Us Home
  Penetration Testing
  To undertake, on a regular (Monthly, Quarterly or Once-off) basis, a thorough testing of the security configurations and effectiveness of a client's Internet gateway security installation - by probing remotely from the external Internet, in the same manner as any potential intruder. The testing searches for all known Security vulnerabilities that can be practically identified, including most recent at time of test. The testing does not require access to the company network, servers, or to privileged information such as computer account/password data - it is based on the 'black-box' approach.  
  Wabot follow the non-exploitative philosophy - i.e. security holes are identified and advised to the customer, but they are not exploited. Wabot will not attempt to 'break-in' to any systems, and no onsite data files or hard disks will be directly written to.
  At the end of the test, we will deliver a comprehensive report outlining:
  • Executive Summary
  • List of vulnerabilities
  • Details and exposure of vulnerabilities
  • Penetrations by areas of concern
  • Recommendations
  Wabot operates a discreet service:
  • The report will be couriered to the client and must be signed by the agreed recipient for security reasons
  • Wabot will not publish a client list
  Maintaining confidentiality, integrity and availability
  Protecting your organization from a major disruption by using an ' Wabot penetration testing will result in your organization's ability to do business uninterrupted and continuously maintaining the confidentiality, integrity and availability of your information systems.
  Brief Listing of Test Components
  Registry database search and checks
  Determine what IP addresses and domains are assigned
  Check associated company details and contact names for correctness
  Search for similar domain names registered to different company's
  Internet routing check
  Check that all assigned IP addresses are either routed to the correct company or not routed - ensure that none are routed to other organizations
  DNS search and checks
  Obtain advertised DNS information and determine company Internet servers.
  Check DNS servers for improper configuration
  Internet Router checks
  Determine what network information can be obtained from the company's Internet router
  Check for routing vulnerabilities
  Check for packet-filtering vulnerabilities
  Determine services offered by router; check for vulnerable services
  For host-based routers, check for operating system vulnerabilities
  Firewall checks
  Check for vulnerable proxy services
  Check for routing vulnerabilities
  Check for packet-filtering vulnerabilities
  Check for operating system vulnerabilities
  Internet server checks (DNS server, Web server, Mail server, FTP server etc.)
  Determine accessible services on Internet servers
  Check for operating system vulnerabilities
  Check for service-specific vulnerabilities
  Check for public access to mail or news facilities which could allow spamming
  Visible non-server hosts scan
  Check for any networked machines that are visible from the Internet and are not the companies advertised Internet servers
  Determine accessible services on these machines
  Check for operating system vulnerabilities
  Check for service-specific vulnerabilities
  Scope and Limitation of Tests
  The testing represents a view of the security at a single point of time
  Denial of Service attacks are used
  Such attacks can cause data loss on live systems, and are not run except under special separate agreement with customers. Wherever practicable, identification of systems known to be vulnerable to such attacks will be made by other means.
  No password cracking
  This is most effectively performed on site by internal staff at regular intervals, and is therefore not included in the service except by special prior agreement.
  Wabot performs all testing under strict guidelines that help maintain data integrity and avoids network downtime or data loss. Manual testing eliminates the automated problems of sending hundreds of packets a second to machines, performing unexpected tests, or accidentally performing DoS attacks; thereby limiting the impact to the network and machines. All of our reports will then detail the types of attacks performed, where successful, and details on how to fix or create work-around for all issues.
   Intranet Collaborative
   Extranet Collaborative
   Intrusion Detection
   Firewall Management
   Penetration Testing
   Security Audit &    Assessment
   Security Management
   Security Consulting
   Security Life Cycle
Remote Services