A vulnerability is the risk that an attacker can access the system or the data it contains and break the data or authentication. Vulnerabilities often arise unintentionally during software development and implementation. Common vulnerabilities include design flaws, configuration errors, software bugs, etc. 

Penetration analysis is based on two mechanisms: Vulnerability Assessment and Penetration Test (VAPT).

Why create a Penetration Test?

Institutions from all sectors, especially banks and financial companies, want to secure their data. Proactive Penetration Test is the best protection against hackers to prepare the organization if the software system has already been attacked by determining if there are still threats in the system to prevent future attacks.

The type of penetration test usually depends on the scope and whether the organization wants to simulate an attack by an employee (internal threats) or external sources. 

The types of “Information Security Risk Analysis Method” that we offer as Tecron are as follows.

White Box Testing – Open Disclosure Method

We get all the information about your facility from you and do not go beyond that information in this test scenario. 

The externally accessible web server, FTP server and other terminals that you want to test will be tested. As a result of this test, a detailed Turkish report will be provided to you. 

Gray Box Testing  – Partial Disclosure Method

Gray box tests are the most popular type of test. As with white box testing, we receive all the information you can give us, as well as the information about the terminals you want tested. Unlike white box testing, our ethical attackers evaluate the risks versus vulnerabilities they encounter by taking the initiative, reviewing the attacks that can be performed on other points in the system with the newly acquired information, and performing a simulation of attacks. 

As a result of this test, you will also receive a detailed Turkish report. 

Black Box Testing – Non-disclosure method

This test is performed without obtaining information from you, but simply by obtaining information that an attacker can obtain. Our ethical attackers perform completely surprising simulations of ethical attacks for this type of test. An attacker can use many methods to obtain information, such as contacting the company by phone, tapping a wireless connection, listening to a server, etc. 

The duration of these ethical attacks is entirely at your discretion. No information will be removed from your system, and no intentional action will be taken to stop your systems during the ethical attacks. If you wish, you can also have your systems tested for DOS and DDOS attacks. 

Risks and partial methods used to access information during this test will be reported. 

By default, Tecron performs all tests using the “Black Box Testing” method, which is the closest to the real risks.