When it comes to penetration tests, National Keep Cyber Security Services, which has a clear leadership in our country, is also known for the quality of its services. Our tests, which are carried out without leaving too much room for automatic vulnerability analysis tools, with special methods and methods developed by themselves, ensure that your systems are captured by an attacker with almost impossible to see. These tests are divided into three main groups.
BLACK BOX
In this role, the consultant does not have access to any information and is strictly denied access to the client's applications or network. All of this test is done online and remotely. The consultant's task is to make all discoveries in order to progress and obtain the critical information required. This detail is achieved in a role close to a typical attacker in the service received. These types of tests are the most realistic, but they also require a lot of time and critical vulnerabilities of the network or applications are thus exposed.
Although the security measures of the browsers you use and the security devices in your corporate structure protect your system, the invisible security vulnerabilities on the systems developed by the manufacturers can have great consequences. This may put your applications, valuable data and confidential information at risk. In addition to all these, the black box test is one of the indispensable steps of a penetration test project.
GRAY BOX
It is a type of test that allows a higher level of access and more internal information than the black box test. Relatively, a black box tester is trying to infiltrate the system and steps in from an external point of view, while the gray-box tester has low-level credentials, application logic, some internal accesses and information already given. The important point here is that a user access information is never given to the gray box tester. The tester is taken to a room in the institution (meeting room, etc.) where there is a WiFi or Network cable but a high level of security is received. Here, the tester tries to infiltrate the system horizontally and vertically, with the information he obtains in both cable and WiFi environment. In the meantime, user information can be obtained. With the user information obtained, applications, servers, active network devices and databases can be entered into systems.
WHITE BOX TEST
In the category of penetration tests, the test that allows the security consultant to have full open access to applications and systems is called the white box test. This allows consultants to view source code and grant high-level privilege accounts to the network during testing. The purpose of white box testing is to identify potential vulnerabilities in various areas, such as logical vulnerabilities, potential vulnerabilities, security misconfigurations, poorly written development code, and lack of defense measures. This type of assessment is more extensive, as both internal and external vulnerabilities are viewed from a "behind-the-scenes" perspective that is not available to typical attackers.
AS A RESULT,
The purpose of the penetration test is to make your system or application more secure. To give an example of all the tests performed here; Think of a builder who builds a building, this master builder can build and deliver the building you dream of in 1 year with the contract you will make. However, you do not like this building and you want to knock down and demolish it to the right where it is. The main reason for this is that the builder developed maybe 20 years only to build buildings and did not practice at all to demolish. This is also the case for system experts, database experts and source code developers. They spend almost all of their time keeping a system up 7*24 and do not practice about what openings a system has and how this system will become ineffective. Since attackers know this situation very well, they can infiltrate the systems using possible vulnerabilities and cause damages that are almost impossible to repair. For this reason, penetration tests are of great importance in corporate businesses and it is of great importance to perform these tests at least twice a year.
