Ministry of Justice of the Czech Republic cooperates with Axians to protect its infrastructure.
Penetration testing (web applications and infrastructure).
External penetration test focused mainly on externally published web applications and we services and included also customer border IT infrastructure. Internal penetration test focused on overall IT infrastructure of the customer. Emloyee’s credentials were targeted during the test with brute force attack. Automated testing was used as a first step in the penetration test followed up with a manual approach. We used The Open Source Security Testing Methodology Manual (OSSTMM) and Penetration Testing Execution Standard (PTES) for internal and external penetration tests and Open Web Application Security Project (OWASP) standard for web application testing.
The used standards:
- The Open Source Security Testing Methodology Manual (OSSTMM)
- Penetration Testing Execution Standard (PTES)
- Open Web Application Security Project (OWASP)
- Assessment of enterprise exposure to threats and vulnerabilities
- Verification of efficacy of security controls and security processes
- Getting input to the development of security and risk management improvement programs
- Helped to achieve compliance objectives.