Check your SECURITY WITH A PEN TEST
pentesting / Penetration tests
Pentesting, a pentest, or penetration test
Penetration tests, also known as pen tests, are ‘legal’ or ‘ethical hacker’ attacks on your network, website, Internet access or computer system, carried out to gain insight into security risks and vulnerabilities. Triple-B performs these legal hacking tests for you in three ways:
- White box testing:
- Gray box testing:
- Black box testing:
The difference lies in the amount of knowledge and background information that the tester (the ‘hacker’) receives. Does the tester have prior insight into all aspects of the system architecture? This is referred to as white box testing. Does the tester have partial information? This is called gray box testing. If the tester has minimal prior knowledge, it is referred to as black box testing.
- Did you know that regular pen testing contributes to protecting your company’s reputation and the continuity of your business?
- Did you know that a penetration test can prevent data leaks and fraud?
- Did you know that performing a pen test can even save you money?
- Did you know that companies’ IT administrators have not been trained to test for vulnerabilities in software and at the network layer?
- How do you know, or how can you prove, that your business information is secure? How sure are you of that?
- An accountant audits your accountant, but who audits your ICT manager? Are ports unnecessarily open? Are the possibilities of your systems being used optimally and, above all, securely?
- Did you know that ISO 27001 is the standard for information security? ISO 27001 specifies requirements for the implementation, execution, monitoring, evaluation, maintenance and improvement of a documented Information Security Management System (ISMS) in the context of the general business risks to the organization.
- Did you know that there are privacy rules that all companies have to comply with? Under the new AVG (GDPR) privacy rules it has become mandatory to regulate security. With our pen tests, for which the reports are written by a CISSP (certified pen tester), you have already largely fulfilled your obligation to make your security demonstrable.
Website scan
You spend money on a beautiful website with interesting and useful content. You may sell your products or services through your site or make your site available as a discussion forum. Did you or your web builder pay the same attention to the security of your site when you built it? Enter your own website address at https://internet.nl and you may know more within 1 minute. On this website, the Dutch government, together with SIDN, offers an initial indication of how safe and good your website is. If you don’t score 100%, you are probably running risks, and your website will also be less easily found by search engines such as Google. If you want to solve this problem, Triple-B knows how to do it. We perform the same kind of test as internet.nl, but much more complete and complex. This is called a pen test. We invest in knowledge and equipment to stay ahead of the hackers as much as possible. A 100% secure website does not exist, but we can make it safer.
Pentest on server and network
During a penetration test on server and network, we test the security of servers and components from the outside. We test the connection(s) between your office and the internet. This is something different from your website, which is often hosted externally. This gives you insight into vulnerabilities or security leaks within your network. We scan the security of one or more servers or a network segment via the internet or at your location. We can also include the route to the server and other network components in the scan in consultation with you.
Penetration test on applications
We advise you to have a pen test carried out on applications when custom software is used within your organisation. If you are not allowed to view independent pen test reports from your builder, please have the applications tested yourself! In this test we focus on your specific applications, such as databases, content management systems and custom software. We use specialist software to scan source code. This is also called source code scanning or application vulnerability scanning.
Penetration test on VOIP
Often organizations do not yet realize the consequences of access to VOIP. Hackers then call their own expensive premium rate numbers via your (hacked) telephone exchange. Your VOIP systems often have their own network or cloud service, and therefore do not always automatically go along with the pen test of your office. In addition, specifically for VOIP, we have developed other tests that we can use for you to test security.
Penetration test on e-mail
Sixty percent of all business infections come by e-mail. So it is wise to test this channel regularly. We have developed our own system for this purpose. For larger companies we also have software available that works via a plugin. This also allows us to link an awareness training, and every employee can always ask for assistance with (another) strange e-mail at the push of a button. With a nice competition element, your colleagues can show each other who is the most sensible. And… such a learning moment is a regular occurrence and lasts a maximum of 30 seconds. Permanent security on mail without it taking up a lot of time. The latter solution (with plugin) is, for the time being, only possible in companies with 100 or more employees, which is why we also have our own tooling that works from 1 mailbox.
Pentest on LAN
What would happen if a hacker got on your network? Or what could an angry employee do? To find out, we will visit you on location to assess the security of the connected systems via your internal network. Many computer viruses spread quickly between the computers of a company or organization. Is this also possible with you? WannaCry was one such example. If we had been at the company before WannaCry, the impact would have been 1 workstation instead of a complete organization that is out of action for days or more. You will receive the result of the penetration test in the form of a clear and useful report, with which you can put your supplier or ICT manager to work. Triple-B can also set out the steps to be taken and/or take care of the roll-out in a subsequent process.
When should you have a penetration test done?
There may be several times when a pen test is useful:
- In the acceptance phase of a new system or a new application.
- In the event of significant changes to an important system or application.
- Periodically (annually/biennially, every week, every day), to test existing systems for new break-in techniques or configuration errors of your system administrator(s).
- If there is another reason to think that the security of a system is not as good as expected.