Security Services

Advanced Penetration Test Services

IT organizations are building, maintaining and improving their network defenses against internal and external malicious users and attackers every day. While understanding how well these defenses withstand adversaries, is imperative to keep your fortress secure.

wizlynx group takes the time to understand our client’s business and think like an attacker would. This allows us to gain a holistic overview, as well as a technical point of view. Using set objectives, we will identify the weakest link first, and then escalate until one or several bastions fall, and we gain privileged access to information or systems.

Our penetration testing services leverage a hybrid approach composed of automated and manual testing methods. Attempts to gain privileged access to firewalls, networks and respective devices, servers, IoT, web applications, and other points of exposure will be conducted in a safe and controlled manner, while exploiting identified vulnerabilities. Once a vulnerability has been successfully exploited, our security analysts will attempt to increase their foothold by launching succeeding exploits to gain higher levels of privileges and deeper access to electronic assets and information.

Types of Penetration Tests


Web Applications

Comprehensive penetration test of your web applications, web services and APIs that may be used to store and access critical business information, with the goal to identify and exploit web-borne vulnerabilities. Our pen-testers will use advanced skills and techniques required to test modern web applications and next-generation technologies.


Network & Server Infrastructure

Evaluation of your internal or external information assets’ ability to withstand attacks. Our world-class penetration testers, armed with the same techniques as cybercriminals, will attempt to break into your network, IT infrastructure, and servers to raise awareness about vulnerabilities and the effects of exploitation, as well as end-user adherence to security policies.


Mobile Applications

Access to your mobile applications to identify vulnerabilities specific to mobile computing environments, such as those defined by the Open Web Application Security Project (OWASP) and other emerging industry standards.


Wireless Networks

Comprehensive wireless penetration testing services, ranging from traditional Wi-Fi networks to specialized wireless systems, which include identifying and exploiting vulnerabilities and providing guidance to strengthen such identified weaknesses.

Our Penetration Testing Methodology

At wizlynx group, our penetration testing methodology builds on the approach outlined in the OWASP Testing Guide, Open Source Security Testing Methodology Manual (OSSTMM) and Penetration Testing Execution Standard (PTES).
Preparation
Recon
Mapping
Vulnerability Discovery
Vulnerability Exploitation
Analysis and Reporting

What Are We Testing During a Penetration Test?

The execution of our network penetration test is composed of three main phases explained below:
Active & Passive Reconnaissance

Information gathering about the target organization, as well as identify underlying components such as operating systems, running services, software versions, etc. The following is a non-inclusive list of items that will be tested to allow us to craft our attack in an informed fashion, elevating our probability of success:

  • Open domain search
  • DNS investigation
  • Public information search (search engines, social networks, newsgroups, etc.)
  • Network enumeration
  • Port scanning, OS fingerprinting, and version scanning
  • Firewall enumeration

Vulnerability Identification

Assessment that consists of evaluating the information assets in scope against 80'000+ vulnerabilities and configuration checks, in addition to CWE/SANS TOP 25 Most Dangerous Software Errors and OWASP Top Ten vulnerabilities. wizlynx group uses several vulnerability scanners, as well as manual techniques, to test the many services that are reachable via the network such as SMTP, HTTP, FTP, SMB, SSH, SNMP, DNS, etc. The following vulnerability types can be identified (non-inclusive list):

Service-Side Exploitation

  • Remote code execution
  • Buffer overflow
  • Code Injection
  • Web Application exploitation (XSS, SQLi, XXE, CSRF, LFI, RFI, and more)

Network Manipulation & Exploitation

  • VLAN Hopping attacks
  • ARP Spoofing
  • HSRP/VRRP Man-In-The-Middle attack (MiTM)
  • Routing Protocols MiTM

Identity & Authentication Weakness Exploitation

  • Default username and password
  • Weak and guessable user credentials

Privilege Escalation

  • Race conditions
  • Kernel attacks
  • Local exploit of high-privileged program or service
Vulnerability Exploitation

Using a hybrid approach (automated and manual testing), our security analysts will attempt to gain privileged access to the target systems in a controlled manner by exploiting the identified vulnerabilities in previous phase “Vulnerability Identification”.

Penetration Testing Exploitation Examples

Supported Web Application Testing Approaches

wizlynx group’s web application penetration testing services support the following testing approaches when assessing web apps:

Blackbox Web Application Penetration Test

Refers to testing a system without having specific knowledge of the inner workings of the information asset, no access to the source code, and no knowledge of the architecture. This approach closely mimics how an attacker typically approaches a web application at first. However, due to the lack of application knowledge, the uncovering of bugs and/or vulnerabilities can take significantly longer and may not provide a full view of the application's security posture

Greybox Web Application Penetration Test

Refers to testing the system while having some knowledge of the target asset. This knowledge is usually constrained to the URL of the application, as well as user credentials representing different user roles. Greybox testing allows focus and prioritized efforts based on superior knowledge of the target system. This increased knowledge can result in identifying more significant vulnerabilities, while putting in much less effort. Therefore, greybox testing can be a sensible approach to better simulate advantages attackers have, versus security professionals when assessing applications. Registered testing allows the penetration tester to fully assess the web application for potential vulnerabilities. Additionally, it allows the tester to verify any weaknesses in application authorization which could result in vertical and/or horizontal privilege escalation.

Whitebox Web Application Penetration Test

Refers to testing the system while having full knowledge of the target system. At wizlynx group, our whitebox penetration test is composed of a greybox test combined with a secure code review. Such assessments will provide a full understanding of the application and its infrastructure’s security posture

What Will You Get?

All findings will be documented in a final report, and then compared with a strengths/weaknesses profile against international standards for IT & Cyber Security. The identified weaknesses will be assessed and supplemented with recommendations and remediation actions, as well as prioritized according to the risk associated. The final report will be discussed during a presentation with you. The report will include a comprehensive and meaningful C-level summary of the executed security audit or penetration test. Additionally, it will include all detailed results with respective evidence and recommendations for future security measures.

wizlynx group Penetration Test Report

Recent Penetration Testing Engagements

Software Development Company
2018

Greybox Web App Penetration Testing of an event registration portal.

Social Security & Insurance Company
2018

Social Engineering Assessment which included four phishing email campaigns and targeting 100 users.

Major Swiss Retail Company
2018

Advanced Penetration Test of all internet facing information assets, such as eCommerce/eShop web app, ERP system, file sharing services, VPN gateway, Email infrastructure, etc.

For the full list of wizlynx’s engagements, please visit our website at: https://www.wizlynxgroup.com/ch/en/cyber-security-switzerland/penetration-test-references
wizlynx group CREST Accredited Penetration Testing Provider

wizlynx Malaysia Sdn Bhd, member of the wizlynx group, is a worldwide CREST Accredited Penetration Testing service provider with CREST certified Penetration Testers and covering mainly Malaysia


Learn more about CREST and the benefits of engaging an accredited penetration testing provider

Our Penetration Testing Certifications

wizlynx's security consultants and penetration testers hold the most recognised certifications in cyber security and penetration testing industry such as: SANS/GIAC GPEN, GWAPT, GCIH, GMOB, OSCP, CEH, CISSP, CISA and more!

Information Security | GIAC Expert Researcher and Advanced Penetration Tester | GXPN
Penetration Test | GIAC Web App Pen Tester | GWAPT
Penetration Test | Offensive Security Certified Professional | OSCP
Penetration Test | GIAC Mobile Device Security Analyst | GMOB
Penetration Test | GIAC Secure Software Programmer .NET | GSSP-.NET
Penetration Test | certified ethical hacker | CEH
Penetration Test | GIAC Certified Penetration Tester | GPEN
Penetration Test | GIAC Certified Web Application Defender | GWEB
Information Security | GIAC Certified Incident Handler | GCIH
Information Security | GIAC Critical Control Certification | GCCC
Information Security | Certified Information Systems Security Professional | CISSP
Information Security | Certified Information Security Auditor | CISA
Information Security | Certified Information Security Manager | CISM
Information Security | Certified in Risk and Information Systems Control | CRISC
Information Security | Certified in the Governance of Enterprise IT | CGEIT
Request Sample Report
Contact An Expert
Top