Articles
Check out our blog for tips on increasing visibility, expanding detection coverage, and improving information security.
Program
Reducing the Risk of Accomplishing Your Compliance Goals.
These attacks are designed to show business impact. Sedara provides External (Perimeter), Internal (Assumed Breach), Web Application, and Wireless (WiFi) testing.
Sedara uses a framework-based penetration testing approach derived from industry best practices including PTES, NIST SP 800-115, OWASP and OSSTMM methodologies.
Assessments
External Vulnerability Assessment
Sedara will attempt to gain unauthorized internal access to your network. This can include obtaining private data or any form of unauthorized access to your systems. The main focus of an external vulnerability assessment is to obtain private data without having approved access to your internal network.
Assessments
Internal Vulnerability Assessment
Sedara will attempt to gain unauthorized access to your network from within the network itself. This can include:
- Attempting to obtain access to a restricted domain user account.
- Attempting to escalate privileges to the highest possible role.
- Attempting to obtain private data
Assessments
Web Vulnerability Assessment
A web penetration helps an organization identify the possibility of a hacker(bad actor) to access sensitive data from the internet. For example unauthorized access through public-facing websites to sensitive data.
Web Application Penetration Testing is done by simulating unauthorized attacks internally or externally to get access to sensitive data through a web application.
Identify Input Locations - This is considered a major part and large focus of web application testing, however the same concept applies for any target. Reviewing all the targets abilities by interacting with it is the best way to do this. Can the application accept a file upload? If so, what files does it accept? Are there hidden inputs or features that weren't intended for us to find? Perhaps an odd port is open for debugging, is their authentication needed to communicate with it? These are the types of interactive-driven thoughts that should go on in this step just to name a couple of an almost endless number of examples.
- 1. Target Reconnaisance
- 2. Web Application Scanner Configuration and Tweaking
- 3. Automated Web Site Crawling
- 4. Manual Web Site Crawling
- 5. Automated Unauthenticated Web Vulnerability Scan
- 6. Automated Authenticated Web Vulnerability Scan
- 7. Manual Web Vulnerability Testing
- 8. Results Review, Triage and False Positives Removal
- 9. Final Results Publishing on Secure Cloud Dashboard
Assessments
Wireless Vulnerability Assessment
A wireless penetration test is a comprehensive evaluation of the wireless networks in your organization using automated and manual methods.
- Password attacks
- WEP/WPA cracking
- Guest wireless segmentation checks
- Traffic sniffing attacks
- SSID spoofing
- Rogue access point discovery