Penetration Test

Secure Your Network with Penetration Testing!

Penetration Test

What is Penetration Test ?

Penetration testing is a attack simulation from inside or outside the system to see vulnerabilities and take protection before the real attack occurs.

Why Perform Penetration Testing?

To keep security skills of the company at high level

To see attacks from outside and take protection

To keep secure of the system investment

To prevent information loss that can be caused by security vulnerabilities

Types of Penetration Test

BlackBox; Black box testing assumes no prior knowledge of the infrastructure to be tested. (Simulating outside attackers).

WhiteBox; White box testing provides the testers with complete knowledge of the infrastructure to be tested, often including network diagrams, source code, and IP addressing information. (Simulating employees)

GreyBox; Grey box testing analyzes possible potential harm to the system from unauthorized user in internal network.

Pentest Checklist

External Network Security Tests


Determining the DNS Server

Zone Transfer Tests

Reading records with DNS Bruteforce

DNS Subdomain Detection

DNS Cache poisoning tests

B. Detection of IP Blocks

C. Detection of Whois Information

D. Email Tests

E-Mail Title Analysis

Fake E-mail Access tests

E-Mail Server Vulnerabilities tests

E-mail accounts password tests

E-Mail Server Malware testing

SMTP Relay Tests

Blacklist Controls

E. Mapping of Open Systems

Detection of services open to the Internet

Testing of weaknesses of services

Password tests for services

Testing the weaknesses of services

F. Employee Identification

G. Website Information Gathering

E-Mail Title Analysis

Fake E-mail Access tests

E-Mail Server Vulnerabilities tests

E-mail accounts password tests

E-Mail Server Malware testing

Physical security tests

Server Room


Network infrastructure

Social engineering tests

Computer based social engineering tests

Human-based social engineering testing

Phishing methods application and detailed reporting

I. Wireless Network penetration tests

SSID Detection

Detection of Encryption Types

Detecting clients connected to Wireless Network

Wireless Network Listening tests

Password testing against WEP encryption

WPA & WPA2 Cipher tests against encryption

WPA Enterprise Cryptographic password testing

Password testing against 802.1x encryption

WPS Service tests

Fake Access Point Tests

Wireless Signal Distortion tests

Password security tests with corporate services

Tests of Open Systems Against DOS Attacks

SYN Attack



DNS Dos Attack

UDP Dos Attack

Smurf Attack

DNS Elevated Attacks

Web Application Installation Tests

K. Web Software Tests

Analysis of data entry forms

Analysis of data output

Performing authentication tests

Session management and Authorization tests

Cross-site scripting (XSS) tests

SQL Injection tests

Command Injection tests

Error management tests

CSRF Tests

WAF Detection

WAF Jumping tests

Internal Network Security Tests

A. Detection of active systems.

Network mapping

Determine the operating systems at the Network

The roles of detected systems and devices

Detecting open ports

Determine the services on open ports

B. Detecting Vulnerabilities

Testing of vulnerabilities

Unauthorized access to the system using the identified vulnerabilities

C. Testing IDS, IPS, Firewall, Content Filtering & Similar Security Applications.

Determination of authorized network traffic

Filtration bypass tests

Controls for guest access policies

D. Company internet access policies tests.

E. Control of Anti Virus and Anti Spam software.

F. Network sniffing and password security tests.

ARP Poisoning tests

Network Protocol usage analysis

Extracting important data from network traffic

Session replay tests

G. Password Policy Controls

H. Display Crash Policy Controls

I. End User Tests

Privilege Escalation Tests

USB and CD Usage Policy

Boot controls

Filtering bypass tests

Usage areas password detection

J. File Access & Controls

Unauthorized access controls

K. Database Server Tests

Database access password attempts

Unauthorized access tests






Penetration Test Standards

Bg-Tek Penetration tests are compatible with industry standard certification programs and standards.



PCI Scanning Procedures
The Penetration Testing Execution Standard
Security Standards Council

Penetration Test Reporting

During the test

Transactions are reported at the end of working hours on a daily basis

Vulnerabilities and Exploits

To reach unauthorized data and traffic abnormalities

After Test

After penetration test, the vulnerabilities and the solutions are reported.

Includes Determination of security policies and contains suggestions for implementation.

Verification Test

Once the security test has been completed and the report has been submitted, the institution may request a re-verification test, stating that the weaknesses have been closed.

Verification test The safety test is applied to verify whether the detected weaknesses in the results report are detected again.