Penetration Testing

Bithex NSA™ Penetration Testing, Security Assessments and Risk Assessment

Bithex NSA is a technical security assessment and penetration test of information systems, in which Bithex consultants follow a detailed methodology to test for, and analyze, security aspects and vulnerabilities of information systems such as network servers and software solutions.

Vulnerability scanning is performed, software configuration errors are tested for, and exploit code and methods are analyzed and executed. Firewall, VPN and IDS/IPS system settings are tested.

Compliance with standards and regulations, and risk assessments

Today, many companies are required to fulfill standards and regulations on regular security assessments and vulnerability analysis of information system assets.

Bithex NSA security assessments are useful in such cases and can be used to test for several requirements mandated by standards such as ISO/IEC 27001, PCI DSS and others.

Sample requirements tested include controls against malicious code, information security of network services, password use, network access restriction, information leakage, documentation and control of technical vulnerabilities, annual security scans and penetration tests and more.

What’s included in Bithex NSA security assessments?

The Bithex NSA test plan and execution cover security assessments of the company's external and internal networks, according to the customer's wishes. Common test plan components are:

  • Network enumeration to identify hosts and network services.
  • Detailed network scan and fingerprinting to identify services like HTTP, HTTPS, SMTP, etc.
  • Port scan attacks to analyze firewalls and network appliances.
  • Vulnerability scanning to identify breaches and malicious code like trojans, backdoors and more.
  • Search for vulnerabilities in online vulnerability databases for systems under test.
  • Penetration testing on external and internal networks.
  • Security assessment of web applications (Bithex WSC).
  • Disclosure of sensitive content and system source code.
  • Code review of web applications.
  • Total web site content crawling and analysis with test of access to suspicious content.
  • Authentication and authorization system analysis and test of brute-force login attacks.
  • Client-side parameter tampering, cross-site scripting, injection attacks/misuse and remote command injection/execution.
  • WiFi network security assessment and testing.
  • Firewall and VPN security testing.
  • Assessment of access to critical network equipment on customer premises.
  • Issue and risk classification according to Bithex Security Issue Risk Level Definition.

Tools and methodology

Bithex consultants follow documented procedures when executing security assessments. The Bithex NSA methodology is built around standards and best practice on information security testing, such as NIST SP 800-115 and the OWASP Testing Guide.

Procedures are both automated and manual, with many scripted steps. The methods and tools used in penetration testing projects vary with the type of systems and services under test. To name just a few tools, the most common are: Nmap, Ncat, Hping, Metasploit Framework, Sqlmap, OWASP ZAP, Web Developer, Searchsploit, testssl.sh, command-line scripting and any direct manual methods, e.g. in web sites and interfaces.

Price

The price for Bithex NSA security assessments and penetration testing depends on the scope and network size. Please contact us for more details and a price quote.