Penetration Test

Test the enterprise’s defense through the most authentic attack

Perform a simulated hacker penetration attack to prevent a real one

Penetration Test is a cybersecurity check for evaluating vulnerabilities on the corporate’s workstations and network system. It is used to identify vulnerabilities, potential risks, and potential data leakage as well as provide recommendations on fixing vulnerabilities

With the popularization of the Internet, all enterprises should conduct the penetration test regularly in order to have an in-depth understanding of the vulnerabilities on its existing official website, applications and software, as well as the threats it may face.

The following enterprises are particularly required to conduct the penetration test regularly:

Self-hosted website
Self-hosted website
Self-hosted server
Self-hosted server
Self-developed product
Self-developed product
Self-developed application or software件
Self-developed application or software

Procedures

  • Confirm project requirement

    Confirm client’s requirement and agendum, then signing contract for acquiring a legal penetration authority.

  • Detection

    Collecting information and identifying related component information, such as operating system, currently using services and software version. To test whether the system has accessed any sensitive information or any data has been leaked during processing, as well as testing the vulnerabilities of applications, logic networks, operating systems and password cracking.

  • Vulnerabilities identification

    Identify the vulnerabilities on the existing system during the identifying vulnerabilities.

  • Penetration test report

    Deliver a written report including weaknesses of different entrances, risk level, test method and repair method, as well as provide vulnerabilities remediation consultation to client.

Differences between Penetration Test and Cybersecurity Health Assessment

滲透測試
Cybersecurity Health Assessment
  • Conduct assessment from user perspective
  • Conduct assessment in an all-rounded area
  • Assessment is specifically focused on security issues
  • Require enterprise’s existing policy for assessment
  • Assessment time requires 1-3 days
Penetration test
  • Conduct test from hacker perspective
  • Conduct test in specific scope of work
  • Test is specifically focuses on vulnerabilities within the testing area
  • No need or only acquire a few internal information from the enterprise (depends on the situation)
  • Testing time requires 2-3 weeks
網絡安全健康評估
more services from STORMEYE
An innovative information security risk assessment tool.
A set of policies and procedures to quickly detect and halt attacks.
To help you become and stay compliant with regulatory mandates.