summitPENTEST

Be in charge of your network. Conduct a pen test today!

Black Box (External) Pen test

Black Box can be best described as a test where no information is provided by the client and the approach is left entirely to the penetration tester (analyst) to determine a means for exploitation – this helps you understand the threat of external attacks. Download a Black box Scope Questionnaire for Penetration Testing

Cyber criminals are on the rise. And no one is safe, however secure you feel your network is. The bad guys have the time and resources to keep prowling the internet for the next prey. If you use computers, laptops, mobile devices, and the Internet you could already be losing something without your knowledge.

You need to undertake a penetration test of your network to assess the threats of loss of your intellectual property, very confidential client data and details and business secrets

You need to protect your computer resources. Whether it is a regulatory requirement or an internal security assurance or the need to practice best practices and gain respect of your strategic partners and stakeholders, a pen test is for you if your business uses computers and Internet. Summit Consulting adheres to the OSSTMM & EC-Council penetration testing methodology and code of ethics regarding this level and classification of test.

White Box (Internal) Pen test

White Box can be best described as a test where specific information has been provided in order to focus the effort. This tests the threat of internal attacks, say originating from people who have access to your network and know a lot about the services, ports, apps, etc running

Penetration tests can range in a number of varieties from testing one application based on known vulnerabilities to far reaching tests where no vulnerability information is provided and every system and network is in‐scope. Additionally, a penetration can go as far as to gain control of the system by any means (aggressive) or to simply illustrate that it “could” be done by “taking these next steps”, without actually taking the steps. The following questions are intended to determine and refine the scope and extent of a desired penetration test. This template should be reviewed by our client and answered as thoroughly as possible. In the event that the client is not able to answer these questions, it is recommended that a Summit Consulting security practitioner review each question with the client to ensure adequate information is obtained.

Overall ICT Security Assessment

Uganda laws require that Summit Consulting obtain written permission by an authorized representative of the client to perform a penetration/security assessment. The client must provide a written consent letter on company headed paper and stamped with the company seal/stamp authorizing for the penetration test to take place.

Please complete the attached questionnaire to enable us understand your requirements better and more clearer. With us, you have the right experts. Please note:

a)Pen test —>tests to identify any existing vulnerabilities in your system, attempts to exploit them, and gives you evidence of exploit, if any. And then makes practical recommendations to fix. You have option to also expand scope to include ITIL/CoBIT/ ISO27001/ PCI DSS benchmark reviews for a complete security risk assessment.
b)IT governance review / security assessment —> reviews to identify any weaknesses or exposures in your IT systems and governance against known best practices, whether these can be exploited or not.

Network Vulnerability and Cyber Security.

Any computer network can be breached in two basic ways: an outside agent can attempt to gain access electronically via the internet or some other network, or an insider agent steals data or compromises security from within the organization. Globally, the threat of insider attack is the biggest.

Regardless of the type of data breach, the fact remains that with a properly structured security arrangement and plan in place, the breach probably would not have occurred at all, and if it did, the ramifications would have been far less severe and costly.

SCL has years of experience mitigating all types of cyber-attacks – from inside and out, and we’ve evolved a methodology which combines preventative measures along with rapid breach response tactics. And it all begins with a comprehensive vulnerability assessment.

Network Vulnerability Assessment.

SCL starts by performing a thorough assessment of the equipment, software, and processes of your entire IT system. We analyze your IT resources, intellectual property concerns and map your threat landscape. We dig into the particular concerns of your organization – the things about your company that might be especially valuable or vulnerable. Are there regulatory compliance issues involved? Is litigation anticipated and/or imminent? Have employees been trained in even basic data security fundamentals? Is there a feasible and coherent plan in place should a breach or intrusion occur which can be immediately and effectively implemented to contain the damage? What measures are currently in place?

We conduct penetration testing and ICT security assessment.