Penetration testing is the next logical extension from vulnerability testing. We can perform white box, gray box and black box testing.
At Arbala Systems, we approach penetration testing with an emphasis on real-world attack scenarios. These tests are performed by world-class security engineers (ethical hackers) using a variety of tools and comprehensive manual analysis to uncover vulnerabilities where critical systems may be exploited, or sensitive information may be disclosed. Vulnerabilities that are discovered are categorized and prioritized by risk, then manually validated to eliminate false positives. With this powerful information, our engineers work closely with security teams to provide recommendations that align with business productivity and connectivity needs.
White Box Penetration Testing
Arbala Systems is provided with detailed information about the target environment such as the IP addresses, source code, URL, operating system, services, etc. to test. Specific information about potential vulnerabilities or areas of increased concern may also be disclosed.
Gray Box Penetration Testing
Arbala Systems is provided with limited information about the target environment such as that provided during a White Box disclosure level. This level is also very collaborative in nature and often evolves into more targeted testing around specific focus areas after an initial phase of information and intelligence gathering.
In-Depth Penetration Testing
This service assesses the potential risk of each of the vulnerabilities discovered by first performing an in-depth Vulnerability Assessment. This in-depth evaluation of your environment identifies areas that could potentially be exploited to gain access to confidential information by assigning quantifiable values of importance to assets and resources. Our security experts then use a proprietary methodology to assess the targeted hosts, ensuring that each in-scope asset is thoroughly tested, and all potential issues are discovered.
Black Box Penetration Testing
Arbala Systems is provided no information about the target environment. This type of penetration testing is initiated completely blind and requires the tester to first determine target assets and then identify potential vulnerabilities. This simulates the anonymous nature of an Internet threat vector.