Penetration Testing

Sparrow Penetration Testing

From vulnerability check to penetration testing

  • Step 1. Information gathering
  • Step 2. Penetration testing
  • Step 3. Vulnerability analysis / evaluation
  • Step 4. Reports
  • Perform optimized and practical penetration testing based on various scenarios
  • Provide countermeasures, through consultation, that minimize possible system failures and malfunctions
  • Provide an action plan and protection plan against detected vulnerabilities

Methods and Criteria

Methods

  • Automated and manual diagnostics
  • Attempts to penetrate based on internal and external penetration testing scenarios that match the characteristics of the enterprise

Criteria

  • Vulnerability analysis and evaluation criteria of major IT infrastructure
  • Vulnerability analysis and evaluation criteria of financial sector
  • OWASP Top 10
  • NIS 8 web server vulnerability

Penetration Testing Methodology

External Penetration Testing Methodology

Step 1 Gather internal infrastructure information

Gather information that is exposed to the outside world through search engines

Gather vulnerable service information through port scanning tools

Step 2 Determine penetration method

Apply the latest exploit

Identify vulnerable versions of services through the collected information

Penetration using vulnerabilities of web/mobile services

Identify other attack methods through consultation

Step 3 Perform penetration testing

Diversify testing methods (black, grey, white box)

Manual diagnosis by experts

Identify vulnerabilities by area/stage

Internal Penetration Testing Methodology

Step 1 Gather Internal Infrastructure Information

Detect unnecessarily exposed network ports

Detect wireless APs that are vulnerable or do not have account authentication

Identify internal vulnerable services via IP/Port scanning and sniffing

Step 2 Determine penetration method

Apply the latest exploit

Identify vulnerable versions of services through the collected information

Penetration using web/mobile services or CS App vulnerabilities

Identify other attack methods through consultation

Step 3 Perform penetration testing

Diversify testing methods (black, grey, white box)

Manual diagnosis by experts

Identify vulnerabilities by area/stage

Mobile Analysis Methodology

Step 1 Static analysis

Android

- APK Decompile
- Smali code Analysis
- App forgery/tampering test

iOS

- Memory dump
- Binary Analysis
- App forgery/tampering

Step 2 Dynamic analysis

Android

- Log/System/Network Monitoring
- Internet sniffing

iOS

- GDB Analysis
- Cycript

Step 3 Other analyses

Database

- Analyze databases on the device

Settings

- Analyze settings on the device

Communication (Packet)

- Vulnerability analysis in packet communication
