Network Penetration Testing
Web applications, mobile applications, and APIs these days tend to rely on complex network infrastructures to support the overwhelming amount of users and data they interact with. Network hosts that are not configured securely can help an attacker gain a foothold into an environment, which can lead to total system and data compromise even if the web applications or APIs they support are secure.
Rarefied can assist in testing and ensuring your servers and workstations are not vulnerable to network-based attacks. |
EABOUT EXTERNAL NETWORK PENETRATION TESTINGWe attempt to breach your network from the outside in. This means we access your infrastructure like a hacker would by looking for vulnerabilities in all externally available access points (web servers, mail servers, file servers, DNS servers, etc.). This entails looking for open ports, open services, missing patches, and vulnerable operating systems and exploiting them to try and gain system-level access.
In terms of web sites and web servers, this is looking at the underlying technology you have in place that is serving the web application as opposed to a web application penetration test, which would test the actual web application source code for vulnerabilities. ABOUT INTERNAL NETWORK PENETRATION TESTINGAn internal penetration test simulates the scenario of “what if an attacker lands on your internal network – what can they access?” This could be as simple as an attacker joining your corporate Wi-Fi network, or plugging into an open network jack within your office. There are also many ways a hacker can land on your internal network besides plugging into a wall socket. The most common way is sending a "backdoor" via an email attachment to one of your employees compromising their computer. This allows an attacker to access your employee’s computer from anywhere on the Internet. They can use this connection to penetrate further into your corporate Intranet.
For example, if an employee's computer is compromised by a backdoor what could an attacker get access to? Could they gain access to sensitive files? Could they elevate privileges to become a domain administrator? Could they steal other employee accounts? Could they get access to database servers and steal/modify customer account info? Our internal penetration tests are designed to help you secure and patch your internal corporate environment against vulnerabilities that would allow an attacker in the above scenarios to jump from one computer to the next |
Regardless of attack scenario, Rarefied always tests for security issues in a safe manner. We use proofs of concept to illustrate and leverage the issues we discover without damaging real users or data.
If you wish to read further about our testing methodology, please click here.
If you wish to read further about our testing methodology, please click here.