VA & PT

VULNERABILITY ASSESSMENT
It is the process of classifying and identifying the vulnerabilities in the target system, and it is carried out automatically through specific software. It is carried out monthly to identify possible known vulnerabilities.
It is carried out automatically
It can be done monthly
It’s cheaper than a PT
It doesn’t exploit the vulnerability; it just identifies it
It analyses both the software and the operating systems
Normally it gets completed before a PT
It doesn’t cause problems for the target network
PENETRATION TEST
During an Infrastructural Penetration Test, simulations of an intrusion are carried out, hypothesizing different attack scenarios and combining manual techniques with the use of automatic tools.
An Infrastructural PT is aimed at verifying the network and the configuration of the host machines and servers that make it up.
In this way, it is possible to analyse the exposure to vulnerabilities that cannot be verified by automatic software. Most importantly, it is crucial to be able to show how critical issues that, considered individually, do not represent a real situation of risk can, when exploited in combination, lead to consequences of remarkable impact.
Operating manually on systems and apps, it is also possible to exploit the vulnerabilities encountered, completing the attack simulation and in this way showing the real consequences for the infrastructure.
Attack modes:
White box: The ethical hacker obtains information from the client, such as a network diagram or access credentials.
Black box: The ethical hacker only has the IP address or the domain name of the application to test.