Penetration tests

Regular penetration tests and vulnerability tests are an important tool in information security management. However, the needs of different organisations in this area often vary considerably, partly due to different regulatory requirements for different types of entities. As part of our security testing service, our specialists design and implement security tests - vulnerability tests and penetration tests - in accordance with the specific needs of the customer organisation.

Service description

Vulnerability testing involves the automated collection of information about the patching and configuration status of the tested platforms and the evaluation of this information in the context of current threats and known vulnerabilities. In the case of vulnerability tests, known types of vulnerabilities are identified in the examined infrastructure, but there is no practical verification of their exploitability. This is different from penetration testing.

Penetration tests are aimed at identifying vulnerabilities in the tested environment, their subsequent exploitation and evaluation of the real impact. This provides the opportunity to accurately assess the risk associated with the identified vulnerabilities. The result of these tests is the formulation of specific recommendations for mitigating vulnerabilities.

 

Why Alef?

  • Through the CSIRT team, we are members of a closed security community where information is shared - so we have information about vulnerabilities and attacks that are not publicly known.
  • Our CSIRT team is the only commercial CSIRT in the Czech Republic that is both accredited by Trusted Introducer and a member of FIRTS.
  • We are one of the few institutions in the Czech Republic that does its own vulnerability research.
  • We have real experience in implementing security solutions.

Who is the service for?

For all organizations that want to verify the level of implemented technical and organizational security measures with practical vulnerability tests or penetration tests on a one-time or regular basis.


Main advantages of the service

Getting an overview of existing and realistic vulnerabilities affecting the organisation

Assessing the ability of information and other systems to withstand real-world attacks

Ability to validate effective vulnerability elimination

Verification of the organisation's ability to detect/respond adequately to an attack

How is the implementation done?

  1. Determination of the type and scope of tests
  2. Information gathering and analysis of the test environment
  3. Vulnerability scanning and testing
  4. Creation of the final report and presentation of results