INTRODUCTION
The Offensive Security Services consists of experienced experts with multiple certifications, who perform penetration testing to ensure the security of mobile device applications of external and internal networks, wireless networks, and emails, as well as to identify any vulnerabilities and recommend improvements. They use the most advanced methodologies, such as OWASP and the MITRE ATT&CK framework.
Offensive Security Services
The Team consists of experienced penetration testing experts with multiple recognized certifications such as: OSCP | OSCE | OSEP | OSWP | CRTO | CRTE | CRTP | CISSP.
The methodology used is highly analytical and therefore easily repeatable. Furthermore, the developed test methodologies are fully compatible with internationally recognized standards and penetration testing methodologies.
- Web Application (Web App & API) Penetration Testing: The service performs a web application penetration test and simulates real attacks to provide an overall picture of application vulnerabilities and threats. The team will validate existing security mechanisms and test an application's ability to resist attacks by unauthorized users and potential misuse by authorized users. The OWASP (Open Web Application Security Project) methodology shall be used.
- Mobile Application Penetration Testing: The service performs a mobile application penetration test and tests the software application developed for mobile devices (Android/IOS) in terms of functionality, usability, security, performance, etc. Mobile application security testing is important to prevent fraudulent attacks on the mobile application, or virus or malware infections. The OWASP (Open Web Application Security Project) methodology shall be used.
- External Penetration Test: The External Penetration Test service ensures that the overall security level of the external network infrastructure is identified by malicious external threats. In addition, attempts will be made to breach the external perimeter and gain access to the internal networks/infrastructure.
- Internal Penetration Test: The Internal Penetration Test service aims to identify and evaluate potential vulnerabilities in the customer's internal network to analyze its exploitability and assess the level of vulnerability to internal attacks. It involves simulating an insider attack to evaluate the effectiveness of the organization's security measures and provide recommendations to improve its overall security.
- Red Team Test: Red Team tests simulate real malicious attack techniques to attack the systems under test. The team uses a model that simulates real malicious attack tools, techniques, and processes, based on the MITRE ATT&CK framework.
- Assume Breach: This is a type of security assessment that operates under the assumption that an organization's defenses have already been breached. It involves identifying and responding to compromised systems, analyzing the attacker's techniques and tactics, and providing recommendations to improve the organization's ability to detect, respond to, and recover from such attacks in the future.
- Active Directory Assessment: This is a type of security assessment that evaluates an organization's Active Directory infrastructure to identify vulnerabilities and weaknesses. It involves analysis of permissions/accesses to ensure that the environment is secure and resilient against potential threats.
- Wifi Penetration Test: This wireless network penetration test is a security assessment that evaluates the security of an organization's wireless networks, including Wi-Fi, Bluetooth, and other wireless technologies.
- Phishing Test: The phishing test is a type of security assessment that assesses an organization's vulnerability to phishing attacks by simulating them via email.
- Vulnerability Assessment: This is a process of identifying and assessing security vulnerabilities in a system, network, or application. The objective of a vulnerability assessment is to discover potential weaknesses in a system's security. Once vulnerabilities are identified, they are ranked according to their severity, and recommendations are provided to address or mitigate them.
Η υπηρεσία παρέχεται από την ΟΤΕ Α.Ε.