inwi Business Cybersecurity – Services

Penetration tests

In order to identify vulnerabilities in their IT systems, businesses call on security experts who know how to put themselves in the shoes of an experienced hacker to try to penetrate a given target.
 
Thereby, the risks related to the discovered vulnerabilities can be reduced if the necessary modifications are implemented.
 
Penetration testing (or "pen-tests") is not to be confused with vulnerability auditing, which consists of evaluating a system or an application based on a repository that is generally the company's security policy.

01. Planning
Definition of the scope and objectives of the test, including the systems to be addressed and the test methods to be used.

02. Discovery
Interpretation of the data collected in phase 1.

03. Attack
Use of various attacks types (application, system, network, etc.) in order to exploit the target's vulnerabilities to achieve "Privilege Escalation".

04. Reporting
Reporting the results of the penetration test to the client.

Black-Box pentesting
The tester is left alone to gather as much information as possible about the target network/system.

White-Box pentesting
The tester has complete knowledge about the target network/system. This can be considered as a simulation of an attack executed by someone acting from inside the company.

Gray-Box pentesting
This is a hybrid of the two previous approaches. The tester normally has limited information about the target network/system, to minimize costs and errors on the part of the tester.

Security audit of IT Systems

Moroccan legislation emphasizes a set of best practices covering a range of procedures that have a direct impact on the security and business continuity of any infrastructure. These procedures include:

  • Security policy;
  • Security organization;
  • Backup and recovery policies;
  • Update procedures;
  • Incident management;
  • Awareness campaigns;
  • Etc.

Assessing policies, access management, regulatory implementation and other organizational security aspects, the security organizational audit ensures both compliance and good governance validation of customers’ IT systems. This audit results in a report presenting the results, along with a roadmap written by our experts that contains prioritized measures and practices to be implemented to improve your security level.

Auditing your IT infrastructure allows you to remedy any breach that could lead to a computer intrusion and, in the worst case scenario, a total compromise or a data leak.

The audit is not only based on software security flaws (CVE) but also on configuration errors and on the way employees use the IT tools within the company intranet.

The technical audit groups together a set of audits types:

  • Source code audit: determining the bugs and flaws existing in the code;
  • Audit of architectures: determining the flaws in the IS architecture;
  • Configuration audit: determining misconfigurations that can lead to security breaches.

Strengthening each of these critical parts of any information system makes the foundation of the system much more resilient and robust to attack.

Please fill in your contact details and an inwi Business consultant will call you back

Connectez-vous avec inwi

Copyright 2024 ©. Tous droits réservés.