Penetration Testing actively attempts to exploit vulnerabilities and exposures in the customer environment. You can learn more about the value and the outcomes of this services.

1. Application
Penetration
Testing

2. What is pen
testing?
Penetration Testing actively attempts to
exploit vulnerabilities and exposures in
the customer environment. We simulate
the tactics, techniques and procedures of
real-world attackers targeting your high-
risk cyber assets. This will help you to:
• Identify and mitigate complex security
vulnerabilities before an attacker
exploits them
• Identify and mitigate vulnerabilities
and misconfigurations that could lead
to strategic compromise

3. GDPR and Penetration Testing
 In Article 32, GDPR requires that “controller and the
processor shall implement appropriate technical and
organizational measures to ensure a level of security
appropriate to the risk”
 The GDPR recommends that you assess applications and
critical infrastructure for security vulnerabilities and that
the effectiveness of your security controls are tested
regularly, services such as penetration testing and regular
vulnerability assessments would help meet this
recommendation

4. What will you get
• High level executive summary report
• Technical level, reproducible report for
application's vulnerabilities
• Fact-based risk analysis to validate results
• Tactical recommendations for immediate
improvement
• Strategic recommendations for longer-
term improvement

5. TSS Penetration Testing Approach
 Our approach is based on the latest
version of the leading web security
industry standard “OWASP Testing
Guide” complimented by TSS
proprietary security testing process
 Testing covers Web and Mobile
Applications

6. Applications penetration
testing procedure
THE FOLLOWING FIGURE WILL SHOW THE DETAILED STEPS OF THE APPLICATION ASSESSMENT
METHODOLOGY AND THE MAIN SUB-STEPS INSIDE EACH MAIN STEP:

8. Reporting is not the final stage
1
Pen Testing
2
Remediation
3
Quick Pen Testing

9. Sample of Findings
Application Vulnerability
Cross Site Scripting attack (XSS)
Click jacking attack
Brute-force attack
SQL injection
Code Execution via File Upload
Command Injection
Server-Side Request Forgery
Password Transmitted over HTTP
Source Code Disclosure
Server Information Disclosure

10. Examples of
used tools
• Burp Suite
• Acunetix
• Netsparker
• Zed Attack Proxy
• Charles proxy
• Nikto
• Uniscan

11. Service Packages

12. Services Packages Basic Advanced Ultimate
Analyze the application
In-Depth scan for potential threats
Exploit the vulnerabilities using smartly crafted payload
Secure Code Review
Reports
Executive Summary
Vulnerabilities classification and description
Vulnerability exploitation procedure description
Vulnerability recommended remediation
Code security issues/bugs and violations
Recommended security code fixes and controls

13. TSS is specialized in
information/cyber security services
What We Do?
We help clients focus on their core
business while we take care of
securing their information technology
environment. We partner with leading
technology providers to deliver
transformational outcomes.

14. Team
Information Security
Certifications
• CEH – Certified Ethical Hacker
• OSCP - Offensive Security Certified Professional
• CSSLP - Certified Secure Software Lifecycle Professional
• CISA - Certified Information Systems Auditor
• CISCO information security specialist
• ISO 27001 LA & IA Certified
• SANS-GCIH
• SANS GSEC
• MCSE + security
• CISM - Certified Information Security Manager
• ....

15. Abdo Wahba, Product Head, Customer
Alliance CA GmbH
As the Head of Product at Customer
Alliance, frequent testing for the product
security is mandatory for me. I was
looking for a partner who has the hands-
on experience and delivers on time to
maintain our delivery plans without
disruption.
We evaluated different offers and found
that TSS offer is matching our
expectations. The team showed high-
level of experience, they delivered on
time and they were very responsive.

16. Free Download
Penetrations Testing Guide