Penetration Testing

ITI’s penetration testing can detect vulnerabilities within your IT network system and protects you from cyber attacks. Total penetration testing services can be carried out on a wide range of environments, from web applications, networks (including Wi-Fi), and servers, to smart devices.

Our network security experts perform sophisticated penetration tests “in person” from the attackers’ point of view. Knowing the characteristics of your IT system, our network analysts and engineers execute the best-fitting methods to detect vulnerabilities.

You can be assured that penetration testing strictly follows security guidelines and fully adheres to regulations set by the Japanese Government. Test results provided by ITI can be used as evidence and a record for audit


Major Items for Web Applications Assessment

 Penetration Test Items:

1.  Cross-Site Scripting

Verifies whether the insertion of a script is possible, which makes it possible for malicious scripts to penetrate the web server, as well as the web browsers of the clients. As a result, the attacker could steal the cookie information of clients, and could cause identity theft.

2. SQL Injection

Verifies whether it is possible to use SQL command to illegally operate the database. If SQL injection to the database is possible, this could lead to unauthorized access to stored procedures and external programs. As a result, personal information may be accessed (and subsequently leaked) or amended (to cause information falsification or loss). There is also a risk of unauthorized access

3. Session Management Security

Verifies whether there is a problem with the session management of web applications. If the information that is used for session management can be guessed, screens that require authentication become accessible, even without authentication, and attackers are able to log in using someone else’s details. As a result, there is a risk of personal information being accessed (and subsequently leaked) or amended (to cause information falsification or loss).

4. Authentication Function Security

Investigates safety against unauthorized access to bypass authentication. If authentication is bypassed, illegal access to a system will occur through login spoofing. As a result, there is a risk of personal information being accessed (and subsequently leaked) or amended (to cause information falsification or loss).

5. File Extension Confirmation

Verifies the presence of common back-up files and confirms that data files are in accordance with the URL of the web application. Successful exploitation may result in unauthorized access to restricted resources, including the personal information of users within the target web application.

6. Security Against OS Command Injection

Evaluates whether it is possible to execute arbitrary OS commands by injecting meta characters or using SSI. If it is possible to execute arbitrary OS commands, the web server OS may be controlled. Successful exploitation may result in theft of the web server password file and administrator privileges.


Major Items for Platform Assessment

Categories:

1 Backdoors and Trojan horses

2 Brute force attack

3 CGI

4 DNS

5 Database

6 FTP

7 Finger

8 General remote services

9 Network appliance

10 Information gathering

11 Local

12 Mail

13 NFS

14 NNTP

15 Proxy

16 RPC

17 SMB / NETBIOS

18 SNMP

19 TCP/IP

20 Web

21 Windows