IT Security Services

GSS Infotech team was very quick and efficient in modifying the documents and finishing the deliverables. The first drafts of the Functional Spec were created in good time by the team.
Project Manager

A Leading Manufacturing Company

Services » IT Security Services » Penetration Testing

Penetration Testing

Penetration Testing

A proactive & authorized attempt to evaluate security of an IT infrastructure by safely attempting to exploit system vulnerabilities, including OS, service and application flaws, improper configurations, and even risky end-user behavior

External Penetration Testing:

Review of vulnerabilities that could be exploited by external users without credentials or the appropriate rights to access a system

Internal Penetration Testing:

Protection from internal threats and ensures that internal user privileges cannot be misused.

Application Penetration Testing:

Testing is performed in a black-box, (white-box will be a custom module)
Black box testing involves providing GSS only very essential information pertaining to the application, such as the URL or address

Wireless Penetration Testing:

GSS's wireless security testing focuses on enumerating and verifying potential attack vectors and threats to your organization's wireless infrastructure. Evaluate and provide recommendations for improvement.


> <
  • I. External and Internal Penetration Testing

    1. Obtaining information about your Internet facing assets 2. Security testing identify vulnerabilities in externally/internally facing systems and applications 3. Optional phase includes exploitation of the underlying vulnerabilities
  • II. Application Penetration Testing

    1. To identify both common and application specific vulnerabilities 2. Network and operating system security tests to verify that the underlying platforms are configured securely 3. For role-based systems, testing is conducted across all user roles
  • III. Wireless Penetration Testing

    1. Access point discovery 2. Wireless Penetration Testing 3. Post wireless exploitation