2. Our mission
• We at White Hat Solution provide actionable intelligence to uncover major
and minor security issues with the potential to negatively affect your corporate
environments.
• Our team provides automated and manual vulnerability test to identify risks
and allow you to take action to mitigate and eliminate threats.
www.whitehatsolution.com
4. Scope
• Initial planning of the audit.
• External Scanning/ Footprint.
• Internal Scanning.
• Vulnerability Assessment.
• Metasploit basics.
• Post Audit reporting.
www.whitehatsolution.com
5. What we look for?
• Backdoors in Operating System
• Unintentional flaws in the design of the software code.
• Improper software configuration management implementation.
• Using the actual software application in a way it was not intended to be used.
www.whitehatsolution.com
6. What we target?
• We target the following endpoints:
• Servers
• Network endpoints
• Wireless networks
• Network Security Devices (Routers, Firewalls, Network Intrusion devices, etc)
• Mobile and wireless devices.
• Software applications
www.whitehatsolution.com
7. PenetrationTest
• It is an information security assessment.
• The purpose of Pen Test is to measure the security posture of information
systems, software, networks and human resources.
• Pen Test involves actual interaction with the above mentioned elements.
www.whitehatsolution.com
8. Purpose of PenTest
• It is designed to answer the following question:
• What is the real-world effectiveness of my existing security controls against an active,
human, skilled attacker?
• Identifying higher-risk vulnerabilities that result from a combination of lower-risk
vulnerabilities exploited in a particular sequence.
• Identifying vulnerabilities that may be difficult or impossible to detect with automated
network or application vulnerabilities scanning software.
www.whitehatsolution.com
10. Types of PenTest
• Black Box testing.
• White Box testing
• Gray Box testing.
www.whitehatsolution.com
11. Black BoxTesting
• In this test we do have information about internal working of the particular
Web Application or its source code and software architecture. In this scenario
we use brute-force attack against IT infrastructure.
www.whitehatsolution.com
12. White BoxTesting
• This is also known as “Clear Box Testing”, during this test we have full
knowledge and access to both the source code and software architecture of the
Web Application.
www.whitehatsolution.com
13. Gray BoxTesting
• During this test we have partial knowledge of internal workings. This is
restricted to just getting access to the software code and system architecture
diagrams.
www.whitehatsolution.com
14. Vulnerability Assessment
• It is a process of identifying and quantifying security vulnerabilities in an
environment.
www.whitehatsolution.com
15. Steps we take forVA
• Catalogue assets and resources in a system.
• Assign quantifiable value and importance to the resources.
• Identify the security vulnerabilities or potential threats to each resource.
• Mitigate or eliminate the most serious vulnerabilities for the most valuable
resources.
www.whitehatsolution.com
16. Conclusion
• We are a team of Certified PenetrationTest, Network Forensics and Ethical
Hackers.
• After we have performed PenTest and/orVA, we provide a full audit report
with recommendations on how to improve IT infrastructure to ensure no
unauthorized access occurs.
www.whitehatsolution.com