
External Network Penetration Test - 200 public IPs


External penetration testing services focus on exploiting network security weaknesses with the intent of gaining access to the environment. The tests are conducted remotely and securely against the targeted environment to demonstrate an external attack on internet-facing hosts and services. The vulnerabilities found can allow a potential attacker to compromise an organization’s network and gain access to crucial information such as sensitive data.

Barikat follows documentation that is developed in line with, and relevant to, methodologies based on modern standards in the field of cyber security. With years of experience, Barikat has developed its methodology to improve test quality. Because the general steps of these methods are similar, Barikat's quality control processes can be carried out with higher performance.

The security test work carried out consists of 5 different steps.

• Penetration Test Kick-Off Meetings

• Execution Phase of Penetration Tests

• Preparation Phase of Penetration Test Reports

• Presentation Phase of the Findings

• Verification Phase

For over 15 years, Barikat has conducted thousands of successful penetration tests for companies of all sizes, across all industries. Barikat’s dedicated penetration test team is highly qualified, holds the necessary certifications, and is equipped with the tools and methodologies needed to proactively deliver detailed and meaningful results.

You will receive a confirmation email, and within a day, a Zoom meeting will be arranged by our team. The invoice will be sent within 2 business days.

Please get in touch with us for customized quotations.

Seller: Barikat Cyber Security
1790.00/ 1

At Barikat, these methods are implemented by experienced security testers. The Barikat Security Testing Services Unit is responsible for acquiring the knowledge and experience associated with internationally recognized certifications such as Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), GIAC Penetration Tester (GPEN) and Certified Ethical Hacker (CEH). Its testers have proven their knowledge with test certificates and keep it up to date by participating in international training programs. In addition, Barikat has received the highest-level (Type A) certificate of “TS 13638 Qualified Penetration Testing Service Provider Company”, covering network, system infrastructure, web application and database penetration testing, issued by the Turkish Standards Institute.

The test work involves checking the company resources available on the Internet against known security vulnerabilities, from the position of an ordinary user with no privileges. The following steps are followed during these tests.

Reconnaissance Phase

The steps taken in this phase are: determining the IP addresses to be tested, performing DNS control tests, and determining the running applications and services. Attempts to obtain information about the local network using different methodologies, and the choice of scanning method for the server, are also made in this phase. The information sought in this phase is as follows:

• Identification of ISP (Internet Service Provider) information (such as domain name owner information, IP addresses, AS (Autonomous System) number, etc.)

• Gathering information on the Internet using different search engines

• Obtaining server DNS records, hostname information, identifying accessible servers and access methods

• Detection of open, closed and filtered ports

• Determination of the IP addresses used in the local network and routing controls of the IP addresses

• Gathering information by disabling safety rules with various methods

• Identification of security devices and security applications used in topology

• Determining the patch and kernel level of the accessed server operating system

• Identification of applications running on open ports

• Obtaining detailed information about employee services

• Mapping of the detailed network topology of the target

Automated Scanning Phase

In this step, automated security scanning is performed to identify known security vulnerabilities using the most appropriate tools for the type of applications running on the server. The type of application on the server also determines the scanning method to be used. The results obtained from different tools are compared in this phase and are presented as a source of validation. In this phase, the following actions are performed:

• Identification of known security vulnerabilities with different scanning tools

• Security scans and detailed checks for open services

• Performing DNS security checks

• Performing unauthorized access and vulnerability tests using special tools for web and database applications

• Detailed security tests for remote management services such as Telnet, SSH, SNMP, MSTSC

• Checking open services against known, simple and manufacturer-assigned default passwords

• Safety and avoidance tests for safety instruments

Verification Phase

The verification phase is the stage in which the results of the automated scan and the identified security vulnerabilities are confirmed on the server by Barikat security testers. This stage is crucial for reducing errors to a minimum and for making the reports reflect the most accurate results. At this stage, the following operations are carried out:

• Removal of incorrect results

• Trying to exploit the identified security vulnerabilities

• Performing tests to capture the server

• Penetrating other systems or the local network via the captured server(s)

Manual Audit Phase 

The manual audit phase covers what automated scanning tools may overlook: systems are checked either manually or with scanning tools and scripts developed by the Barikat team, using different methods. The information obtained in the previous steps is correlated, and the deficiencies that cannot be detected by automated means are identified. This stage also aims to identify security vulnerabilities that are unknown or not yet announced. The original applications running on the servers are examined at this stage and checked for application-specific security problems. In this phase, the following operations are carried out:

• Checking applications for memory overflow if requested

• System security scanning with special scripts and tools

After the verification and manual control phase, remnants of the penetration test are removed.