Offense: Our Approach to Security Testing
Clients ask us to provide penetration testing as a security best practice, to meet regulatory compliance, or to meet Board and customer expectations. While we tailor each test to our client's needs, the common denominators include:
- Understand the business drivers for the test and how the results will be used.
- Determine why the target system is important and if specific threat actors are of concern.
- Develop test hypotheses, test to confirm the hypotheses, and pursue those that seem most plausible and that appear to pose the greatest risk to the target system.
- Mimic methods used by sophisticated attackers. This requires creative, manual testing, not simply running automated tools.
- Identify vulnerabilities and their root cause (to reduce the likelihood that the vulnerability will re-emerge).
- Communicate the test results to technical and management audiences with equal emphasis given to positive findings.
KoreLogic's Penetration Testing Services
Test Type | What We Test |
---|---|
Mobile | Mobile applications, devices, network elements and end-to-end services for mobile carriers, third party mobile service providers, and mobile applications developed by our clients. |
Cloud | Cloud-hosted mission-critical applications, SaaS providers and public or private cloud infrastructure. |
Web Applications | Web applications or other software to find defects such as disclosure of sensitive information and vertical or horizontal privilege escalation. |
Internal | Network devices, servers, endpoints to gauge their resistance to attack by a malicious insider or compromised internal systems, effectiveness of isolation, etc. |
External | Public-facing systems to verify they are properly hardened for Internet-exposure. |
Social Engineering | Targeted email phishing campaigns to attempt to harvest credentials from users, phone calls to the helpdesk impersonating employees with access problems, etc. |
Vendor Risk Management | Testing of our clients' service providers who handle their confidential data or who have access to client IT resources. |
Product Security | Pre-release security testing of new products to help ensure they have been properly hardened for their intended uses. |
Red Teaming | Custom test scenarios that gauge the resistance to attacks against a client's most business-critical digital assets. |
SCADA & ICS | Tabletop security architecture review followed by targeted assessments, such as assessments of operator workstations and test or production SCADA/Industrial Control Systems, and analysis of network connectivity and traffic between SCADA and IT environments, including network isolation, proper use of encryption, and credential management. |
IoT Testing | We test the security of IoT devices/sensors, IoT communications, IoT platforms, IoT applications/APIs/portals, and backend infrastructure including IoT-supported clouds. |
Customized Hardware, Firmware and Embedded Software Testing | Assessing the security of any hardware, firmware or embedded software system involves determining whether it has been securely designed, whether its security functions perform effectively, and whether it is resistant to physical and logical attack. This typically requires threat modeling, abuse case development and testing at the application, operating system, and network layers. KoreLogic uses a combination of testing techniques such as: hardware and software reverse engineering, network or application capture/analysis/manipulation, protocol analysis, cryptanalysis, source code examination, custom software (e.g., device driver fuzzing) written to exploit suspected vulnerabilities, etc. |
To see project examples of these security tests, see Impact Stories.