Sababa Penetration Testing includes complex diagnostics of a company’s digital assets, aimed to identify its
individual threat vectors and areas of improvement. It aims to
• check how robust the different corporate infrastructure systems are;
• define practical cyber-attack threat vectors;
• identify active vulnerabilities and provide recommendations on their elimination.
The service brings some additional benefits, especially in the time of transformation or other changes, when people are stressed and stretched and therefore more likely to make mistakes. Sababa Penetration Testing backs up corporate security in case of a human error as well as brings confidence to the internal IT/OT security teams and allows them to focus on what is important for business.
THREAT MODELLING AND VULNERABILITY ANALYSIS
Subject to penetration testing
Different assets and can be evaluated, including web and mobile applications, wireless networks, source code, Active Directories, cloud security solutions, IoT, blockchain, as well as configurations of the software used on IT and OT networks.
Based on the international reference standards, the Penetration Testing can be conducted on behalf of external or internal intruders, with different initial privileges to your network, including black/grey/white-box modes, tandem, reversal and others.
The project goes in line with the guidelines described by the OSSTMM and OWASP methodologies, internationally recognized in the field of cyber security, vulnerability assessment and penetration test.
Red Teaming and adversary simulation
Any company has got sensitive applications, data, and other critical assets, that are scanned for vulnerabilities, assessed, and regulated by policies and procedures.
Our red team tries to outsmart your colleagues and bypass your security like a real attacker would do by:
• collecting intelligence in open source, deep web and darknet;
• calling your users from fake numbers, impersonating colleagues, customers, or suppliers;
• sending emails, letters, and weaponized USB devices.
We provide a comprehensive report with detailed remediation plan at the end of the activity.