SYSTEM PENETRATION TESTING
The Core Node security team will perform the activities required to evaluate 'real' infrastructure and applications security levels of the infrastructure. These activities are divided in two main categories: the first one is based on the evaluation of the vulnerabilities related to systems and applications (Vulnerability Assessment) and the second one is a simulation of attack scenarios (Penetration Test).
The methodology used for completing these activities is integrated and compatible with the following standards and guidelines: Open Source Security Testing Methodology Manual (OSSTMM)
VULNERABILITY ASSESSMENT All systems and applications that make up the whole project scope will be enumerated with the goal to detect all the components and their functions. Furthermore, verification and evaluation will be performed on the vulnerabilities found by means of automatic tools and manual checks (Vulnerability Analysis).
PENETRATION TESTING Attack scenarios will be defined and used to evaluate the real impact of the vulnerabilities found within the project scope. In this activity the vulnerabilities will be identified for the purpose of Vulnerability Identification and the exploitation will be tested (Vulnerability Verification & Exploitation).
View other tests