Black Box Penetration Testing

Out of every 10 servers tested by the SMCS Risk Team, 40% end up with the security team being able to perform one or more of the following:

Denial of Service – bringing the service to a complete halt.
Spying – extract external information such as DB tables, user passwords and confidential files.
Contamination – modify websites and applications causing them to display and/or transmit specific data.

SMCS Risk evaluates the security of a computer system or network by simulating an attack from a malicious source (hacker). The process involves an active analysis of the system from the position of a potential attacker for any potential vulnerability that could result from improper system configuration, outdated hardware or software, or operational weaknesses in process or technical countermeasures.

Any security issues that are found are condentially presented to the system owner, together with an assessment of their impact, and with a detailed proposal for a quick resolution of the discovered breach. The intent of a penetration test is to determine the feasibility of an attack and the amount potential damage of a successful exploit, if discovered.