Security Testing 

What can Defendable help you with?

• APT Simulation

  Defendable APT Simulation is our newest security testing solution, tailor made for customers who recognize the limitations in timing and scope of stand-alone penetration tests.

  While single tests are valuable tools for many organizations, they are just a snapshot of your security posture and will thus miss developments over time.

  This is the problem Defendable APT Simulation solves, by utilizing the skills and experience of our security testing team to deploy the same TTPs (techniques, tactics and procedures) as real attackers over time – thus uncovering more vulnerabilities than any traditional test can.

  When we uncover critical vulnerabilities in your systems, you will be alerted at once, ensuring your security posture is improved every single day.

  Learn more about APT Simulation

• Web application security testing

  Defendable’s experienced consultants will perform manual vulnerability analysis using proxy tools, where it is possible to manipulate parameters on the client-side. The testing is focused on the web application interfaces, input fields and integration APIs. The testers will first get familiar with the business logic, and then attempt to escalate privileges or obtain access to the information of other users. We also use manual testing to verify vulnerabilities found by vulnerability scanning.

  If the testers successfully compromise the web application or underlying infrastructure, the system owner will be alerted. The testers can then try to obtain access to internal networks, machines or databases if the system owner approves expanding the scope beyond front-end servers.

  All tests are done according to the latest OWASP TOP 10 standard. If requested, it is possible to perform OWASP ASVS (Application Security Verification Standard) review, where the team will verify technical security controls together with developers in order to tailor security requirements to fit specifically the tested application.

• External Vulnerability Assessment

  External Vulnerability Assessment is a service that helps identify potential vulnerabilities in publicly exposed services, such as web servers, firewalls, and other network infrastructure. The assessment is conducted by automated tools that conduct a quick and targeted scan to assess the security posture of an organization from an external threat actor’s point of view.

  The focus of the assessment is on exposed services that may serve as entry points for threat actors. It provides a snapshot of a company’s external security landscape, allowing them to address and mitigate potential risks. By identifying and resolving vulnerabilities on a regular basis, organizations can ensure the resilience and security of their services.

• Source code review

  A security Source Code Review involves a meticulous examination of a software application's underlying source code to identify potential vulnerabilities or weaknesses, ensuring that it remains resilient against cyber threats. This goes beyond surface-level testing, delving into the codebase to catch issues like insecure coding practices, improper input validation, improper secret management, errors in business logic and other potential issues that could be exploited by external or internal attackers.

  A classic source code audit focuses on identifying specific parts of the code that are most likely to be exposed to real-world attack scenarios. These critical areas are then examined in detail.
  The review can be performed as a part of an application security test. This process complements the manual testing of the application, allowing to pinpoint the cause of the vulnerability, and provide better recommendations for improvement.

• Mobile security testing

  Mobile applications  

  During mobile application security testing Defendable will verify if Android and iOS applications are following best and latest security practices and if correct safety measures are applied depending on the application threat model. The tests will include static analysis, which aims to identify weaknesses in the application code as well as dynamic analysis, where testers proactively look at the application behavior under different conditions. Mobile API would also be tested using tools such as BurpSuite Professional.

  Mobile devices

  Defendable can perform security assessment of mobile devices (Android and iOS) used by Company’s employees or devices for promotional / office purpose (like tablets, screens in the office). The tests can include MDM (mobile device management) configuration review, device security verification and in case of office / promotional devices, possibilities to escape application’s sandbox / secure view. 

• Cloud security testing

  Over the years, cloud infrastructure has become more and more prevalent in customer environments, through the use of Cloud Integrations, Software As A Service (SaaS) and/or Platform As A Service (PaaS) offerings.

  Our team can perform security assessments of the leading cloud providers, including but not limited to:

  • Microsoft Azure

  • Amazon Web Services

  • Google Cloud Platform

  During the assessment we focus on access management, cloud storage, cloud integrations, cloud interfaces and configuration issues that could lead to the compromise of company’s resources, elevation of privileges and/or other impacts depending on the attack scenario.

• External penetration test

  External penetration test is a way to verify all the external attack surface a company can have. It can be performed in two different ways:

  • Black box, meaning no information will be given to the testers and they will find the assets to test using the same techniques a threat actor would

  • White box, where the list of the assets to test is known and the team will focus on these

  External network testing is also an effective way to map external resources that the company might not be aware of.

  Defendable team will use the same tools and techniques real threat actors would to find vulnerabilities in public facing devices and applications. This is done with the goal of understanding how these assets could be exploited to affect the company business or get a foothold to the internal networks.

  This kind of test will include:

  • Subdomain enumeration

  • Manual and automated scanning

  • OSINT

  • Exploitation of found vulnerabilities

• Internal penetration test

  Internal security testing is based on an “assume breach” scenario, where it is assumed that the threat actor already has access to the company’s internal network. The threat actor could have gained internal access through compromised accounts, phishing, social engineering or could be a malicious employee. The test is customized to each customer’s individual needs, but usually, it is performed with the goal of identifying and exploiting vulnerabilities in the network and in order to escalate privileges from a starting point of a compromised user and workstation and then to move laterally within the corporate network.

  Internal network security testing is a proactive approach to identify and mitigate security risks before they can be exploited by malicious actors. It helps organizations to identify and address vulnerabilities within their own network, which could be exploited by malicious insiders or threat actors like ransomware groups who have gained access to the internal systems . The test is designed to simulate a real-world attack scenario and identify the weaknesses in the network security controls.

  Internal testing helps organizations to:

  • Identify and address vulnerabilities within their own network

  • Evaluate the effectiveness of their security controls

  • Evaluate the effectiveness of their Security Operation Center (SOC)

  • Improve their overall security posture

  • Ensure compliance with relevant regulations

  • Find misconfiguration and other vulnerabilities which are not caught by vulnerability scanners

  Internal network security testing is a complex process that requires specialized skills and expertise. Defendable have a lot of experienced penetration testers ready to help.

• Physical pentest

  Physical penetration testing is a simulated intrusion attempt to identify weaknesses in a company's physical security barriers. Physical access to computer and network equipment can potentially bypass common digital security barriers such as e.g. firewalls, IDS etc.

  Defendable can test physical security of client’s office or buildings where the business is conducted. The test includes:

  • Test of physical security through attempts to gain access to the customer's offices.

  • Attempts to gain access to internal IT systems by sneaking into technical rooms or exploiting unsecured networks and computers.

  • Report with results and recommended measures.

• Phishing and vishing exercises

  Phishing is the number one attack vector used by cyber criminals. Phishing exercises is a social engineering technique that can be used to measure the risks associated with the human element of security. How easy will it be to trick my staff into giving away their login credentials to a fake login page, or performing some other action that benefits an attacker?

  Our phishing exercises can tie into your existing company security awareness work, they can be a one-off test to raise awareness with both staff, management or board, or we can even build your security awareness campaign along with our advisors if you want.

  The level of sophistication is fully adaptable, but the typical package deal includes three exercises with increasing difficulty, where the first may be something generic like a message from IT to update your password or delivery issues with a shipment. The second will be a bit more advanced, perhaps a shared document that seem relevant to your sector. The final message may be targeted to use company branding, refer to real internal processes and appear to be sent from a trusted source.

  Vishing is a form social engineering attack that happens over the phone with the aim of retrieving confidential information or unauthorized access. A typical example is an attacker pretending to be an employee and requesting to the company’s service desk a password’s reset. Defendable can perform vishing exercise for its customers, the service can be delivered in several languages.

• Red Team exercises

  A red team exercise is an effective demonstration of the concrete risk posed by an APT (Advanced Persistent Threat). Testers will imitate real attacks carried out by advanced threat actors by attempting to compromise predetermined objectives through known tactics, techniques and procedures (TTP). The extensive, complex security tests are best suited for companies that want to improve a mature security organization. A red team exercise includes three core testing areas:

  • Technology: Internet-exposed services and internal IT networks in the company.

  • Physical: Buildings, offices and physical infrastructure.

  • People: Employees, customers, clients who bind technology and the physical world together.

  Not necessarily all areas have to be included in each red team exercise.

• TIBER exercise (Threat Intelligence-Based Ethical Red-teaming)

  The TIBER framework is a comprehensive approach to threat intelligence-based ethical red-teaming from the European Central Bank (TIBER-EU) with a corresponding Norwegian implementation (TIBER-NO).

  The framework includes a set of specifications that need to be followed throughout the entire project. The goal is to perform a project that is tailor-made to simulate an attack on the critical functions of clients. The outcome is intended to reveal the strengths and weaknesses, enabling the client to reach a higher level of cyber maturity.

  It consists of the following phases:

  • Targeted Threat Intelligence Phase: With the use of available information from both the Scope and Generic Threat Landscape Report as well as collected information from various other sources, the TI-provider identifies the entity's treat landscape, its most likely and capable actors, their intention, and modus operandi.
    
    The process culminates in the generation of several plausible and realistic threat scenarios for the test.

  • Red Team Phase: Simulate relevant types of attacks based on the TTI Report in a comprehensive Red Team exercise.

• OT security testing

  Defendable is using its own methodology for OT penetration test inspired by several industry standards like PTES, IEC 62443 and OWASP to adapt to the industrial sector needs. We work closely with the engineers on site and different vendors to be able to understand the infrastructure and systems in place. This assures us to work in good condition and to avoid breaking any systems.

  All vulnerabilities that are found will be detailed in the report including the description, the steps of exploitation and remediation. They will be categorized according to the impact on the system and the
  likelihood of exploitation.

  Defendable is able to test all kind of devices including PLCs, HMI, Workstations (Windows and Linux), servers (Windows and Linux), switch, routers, firewall and wireless communication (WiFi, Bluetooth).