

DMZGlobal uses a 3-phased approach that is modelled on common application vulnerabilities described by the Open Web Application Security Project (OWASP). It uses standard security testing practices to assess an organisation's perimeter network, infrastructure and application security posture.
Perimeter Mapping & Enumeration
Incorporates a reconnaissance or information-gathering phase. DMZGlobal uses publicly available information (or potentially misconfigured devices) to obtain information about the organisation's external and Internet-exposed infrastructure and assets.
Network Scanning & Vulnerability Analysis
External scanning is conducted to identify and fingerprint devices and services within the client network based on information gathered during the Mapping & Enumeration Phase. Depending on the scope of the test, both vertical and horizontal scans are performed to find potentially vulnerable devices or services that can then be exploited.
Application Scanning & Vulnerability Analysis
Application profiling is considered one of the most important aspects of penetration testing. This technique allows DMZGlobal testers to map the business logic and transaction flow of the application and so identify potential vulnerabilities that may allow the bypass of authentication or escalation of privilege.
The primary objective of this phase is to gain an understanding of the application architecture, to assist in determining ways to bypass the application authentication mechanisms and controls or to force the application to behave in ways that were not intended by the designer.
In addition, DMZGlobal can perform internal penetration tests and application deployment reviews, which complement external Internet-facing testing.
DMZGlobal security consultants use custom-developed, open-source and commercial tools during the course of the investigation.