PENETRATION TESTING

Penetration testing is a proven way to help manage and control potential
cyber attacks. The results of our penetration testing services provide a
snapshot of your IT security profile and any security vulnerabilities, together with remediation advice.

Penetration testing proactively assesses not only IT equipment such as servers, workstations, mobile devices, web applications and network design, but also the working practices of IT staff and users, to identify any vulnerabilities or weaknesses.

This information can then be used as an action plan to increase the overall
security posture of the system and reduce the likelihood of an unauthorised
attack being successful.

If you would like to speak to our expert penetration testing team, please
contact us.

Below is the list of the different types of penetration test services we provide, with a description of each one.

Infrastructure and Network Penetration Testing

Web Application Penetration Testing 

Mobile Application Penetration Testing 

Wireless Penetration Testing 

Build and Configuration Review

VULNERABILITY ASSESSMENT

Why choose Adsec Solutions as your penetration testing partner?

  • Qualified Security Experts

    All our penetration testers are independently qualified by industry-recognised bodies such as CREST and Tigerscheme.

  • Competitive Prices

    We offer highly affordable penetration testing solutions to ensure companies of all sizes can protect themselves from cybersecurity threats.

  • Comprehensive Reporting

    You’ll receive a comprehensive report (executive summary and in-depth technical report) complete with remediation advice and guidance, as well as a full debrief call to run through the findings.

  • Free retests as standard

    To ensure your remediations address the vulnerabilities discovered by our tests, we offer free retests of these as standard, accompanied by an updated report.

  • Testing only at agreed testing times (e.g. nights, weekends etc.)

  • Mitigation advice on encountered vulnerabilities.

  • Never running malicious exploits or DDoS tests unless agreed by client

  • Instant notification of critical vulnerabilities found during testing phase

  • Secure report delivery by encrypted email

Infrastructure and Network Penetration Testing 

Infrastructure penetration testing focuses on identifying and validating vulnerabilities associated with a client’s public-facing and internal critical infrastructure.

By using all the tools and tricks available to real-world attackers, our network and infrastructure penetration tests uncover weak points in your IT security. The result is an easy-to-understand comprehensive report which explains each discovered threat and even drills down into key remediation advice. Infrastructure testing is often combined with web application testing for total threat protection.

Web Application Penetration Testing 

Web applications are one of the most common types of software in use today. Due to their complexity and ubiquity, web applications represent a unique challenge to the security posture of any organisation. Modern web applications handle increasingly sensitive data, so it is important to ensure that they do not introduce significant risk to an organisation.

There are several stages to consider with web app testing, including enumeration, vulnerability discovery and exploitation, all of which are important in identifying whether there are any risks to your networks. Adsec Solutions' team of web application testers have the highest qualifications in the industry. This means that when it comes to the reporting stage of your web app test, they can give relevant, qualified advice that will help your organisation to become safer.

Adsec Solutions' penetration testers are highly capable of penetration testing web applications, web services, APIs and more, across an extremely large range of technologies.

Web App Penetration Testing Methodology
Adsec Solutions uses the Open Web Application Security Project (OWASP) Testing Guide V3.0 for conducting penetration testing of web-based applications. The active test is split into 8 sub-categories for a total of 66 controls. The main 8 sub-categories are:

  • Configuration Management Testing
  • Business Logic Testing
  • Authentication Testing
  • Session Management Testing
  • Data Validation Testing
  • Denial of Service Testing
  • Web Service Testing
  • Ajax Testing

The data obtained from the information gathering phase allows us to search for additional vulnerabilities or exploits that might not form part of the above controls but can be used to penetrate the system.

Mobile Application Penetration Testing 

Mobile applications have become an integral part of everyday technology. It’s really easy to develop an app for your business; however, it does mean that the attack surface greatly increases, which could put your business at risk. During mobile application testing we look at the design, data handling, network communication and authentication.

Mobile application penetration testing is the process of analysing a mobile app to find security weaknesses. This will review front-end user interfaces, back-end web services, web services (API) and supporting networks. Testing will review features such as cryptography, password hashing and data storage. It will also confirm that any mobile platform features, such as the iOS keychain or the fingerprint scanner, are secure.

We follow the guidance on the OWASP Mobile Security Project (https://www.owasp.org/index.php/OWASP_Mobile_Security_Project). This provides a detailed framework, respected by experts from all over the world.

Adsec Solutions' mobile application penetration tests find and exploit security weaknesses anywhere in your mobile app, no matter what platform or technology it uses. The latest automated tools are combined with skilled manual processes to ensure every aspect of your security is analysed. At the end, a comprehensive after-action report details every vulnerability found and includes helpful remediation advice on how to put things right.

Wireless Penetration Testing 

The Wireless Penetration Testing service covers all threat vectors of wireless networks. Our tests include attempts to crack wireless encryption and authentication mechanisms, the setup of rogue access points along with test phishing portals, a variety of man-in-the-middle (MITM) attacks, denial of service testing and Bluetooth security tests.

Authentication and encryption attack testing

We will try to break into wireless access points by performing ethical hacking against common security methods such as MAC authentication, WEP, WPA PSK, WPA-2 PSK and WPA enterprise authentication. The goal of this audit is to break into a wireless network in order to gain access to the network.

Wireless Man-in-the-Middle attack testing

In this test we will set up rogue and fake access points, waiting for users to connect in order to capture all activities they perform. Social engineering techniques will also be employed, such as redirecting users to a fake web page forcing them to re-enter the pre-shared key. Additionally, we perform tests around redirecting users in order to capture online activities such as phone calls.

Wireless DDoS attack testing

In this test, we attempt to bring the wireless network to a complete halt by either jamming the wireless spectrum or overloading the access points, so that legitimate users can no longer be served.

Bluetooth attack testing

We evaluate every security aspect of Bluetooth networking in order to gain control over Bluetooth devices, intercept calls (i.e. BT handset to BT earpiece) or render Bluetooth services temporarily unavailable.

Build and Configuration Review

A Build and Configuration Review is a comprehensive assessment of individual devices, using an authenticated approach to identify vulnerabilities, insecure configuration settings, access to sensitive content and other issues which could lead to data disclosure or device compromise.

Why Conduct a Build and Configuration Review?

With the exponential growth of identified vulnerabilities and security breaches, it is no longer recommended to only review a device's perimeter security. In the event of a compromise or security breach it is important to understand the risks that your organisation faces and the security of your company’s data.

A build review can review the entire configuration of a device to ensure that it is protected from a range of common vulnerabilities and adheres to a number of best practice recommendations.

Types of Build and Configuration Review

Build and Configuration Reviews can be conducted against a number of devices. Several types of review exist to focus on each of these areas in detail and, although more focused tests exist, the high-level categories are summarised as follows:

Workstation build and configuration review

A review of a standard user workstation aims to search for vulnerabilities and data which can be exploited by an unauthenticated or low-privileged user account. Workstations can be the target of a number of attacks which aim to exploit the device or the user, and they form an important part of any organisation’s security.
These assessments often have a goal of privilege escalation on the device and an organisation's network.

Server build and configuration review

Server Build Reviews aim to assess the security of devices providing critical business functionality and help to ensure the data and functionality they provide is protected.
Servers can be intended for public or private access and can therefore be targeted by a range of potential attacks. Ensuring their secure configuration is integral for any organisation.

Mobile and MDM configuration review

Mobile Device Management (MDM) systems provide a configuration policy to your company’s mobile devices. Mobile devices can contain company emails, sensitive documents, login information and other data.
A mobile device compromise or theft can have the same impact as any standard workstation and ensuring a secure configuration for each device has been implemented is an important security consideration for any organisation.

Firewall configuration and ruleset review

A firewall will often act as the gatekeeper for any organisation’s devices and services. The access control rules which are configured can determine what is accessible, both publicly and privately.
The secure configuration of these devices is an important part of ensuring both your network and devices are safeguarded.

VULNERABILITY ASSESSMENT

In addition to our penetration testing service, we also offer our customers a Vulnerability Assessment Service. This may be a one-off vulnerability assessment or a fully managed regular assessment service to identify, classify and help remediate vulnerabilities in your IT infrastructure. Both services provide a detailed report with recommendations on how to remediate the vulnerability or mitigate the risk from the vulnerability.