Axians was engaged to conduct penetration tests for Schaltag, focusing primarily on perimeter infrastructure elements.
External penetration test and web application testing.
The external penetration test focused mainly on perimeter infrastructure. A brute-force attack on employees' credentials was executed as part of the test. Web application testing consisted of automated testing followed by manual testing. The Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES) were used for the external penetration test, and the Open Web Application Security Project (OWASP) standard was used for web application testing. A grey-box approach was used to perform the tests.
Standards used:
- The Open Source Security Testing Methodology Manual (OSSTMM)
- Penetration Testing Execution Standard (PTES)
- Open Web Application Security Project (OWASP)
- A grey-box approach for best practice analysis
- Assessment of enterprise exposure to threats and vulnerabilities
- Verification of efficacy of security controls and security processes
- Input to the development of security and risk management improvement programs
- Help in achieving compliance objectives