Infrastructure Security Testing
Digital Innovations Global's infrastructure security testing attempts to exploit identified vulnerabilities, exposing the weakest links.
Flaws in software, processes, ineffective configurations and human errors are realities all organisations must face. Cyber criminals are consistently hunting for vulnerabilities and weaknesses to exploit. Finding just one vulnerability may be all they need to gain access to an organisation’s critical assets.
Digital Innovations Global's systematic infrastructure security testing and validation help IT support teams identify vulnerabilities in a timely manner and, through additional screening, understand whether they can be exploited.
Stage 0: Discovery
As part of discovery, Digital Innovations Global collects information about the organisation’s networks, servers, ports, applications and services to determine testing scope, with a focus on critical assets. The Discovery stage is achieved by using footprinting, scanning and enumeration techniques.
This information provides Digital Innovations Global with an accurate overview of the IT architecture and the required insight into where probable vulnerabilities or weaknesses could occur, and where valuable information is stored and available. The output of the discovery stage is then documented as the organisation’s blueprint.
Stage 1: Identification
The information gathered from the Discovery stage is used to apply scanning and testing techniques, which will allow identification of vulnerabilities and weaknesses in the networks, servers, systems and applications, with a focus on critical assets.
Two main activities are part of this step:
- Finding known vulnerabilities (based on CVEs)
- Exploring assets for common weaknesses (based on CWE/SANS Top 25 and OWASP Top 10)
Stage 2: Verification
The audit of security flaws can be done in two ways:
- Verifying details with the customer (asset owner)
- Executing a penetration test – Proof of Concept (PoC)
Stage 3: Reporting
After the verification step, Digital Innovations Global experts produce an infrastructure security testing report on the testing performed and the information obtained on vulnerabilities and weaknesses that result in security flaws.
The report contains as a minimum the following items:
- Summary of vulnerabilities: A summary containing all identified vulnerabilities, including their impact.
- Detailed findings of weaknesses: Details of the outcomes of the tests performed by Digital Innovations Global, detailed information for each identified vulnerability, and how we were able to determine these vulnerabilities.
- Risk evaluation and recommendation:
  - Impact: Assessment of the impact on the organisation for each vulnerability.
  - Likelihood: Assessment of the probability of an exploit occurring.
  - Risk evaluation: Based on impact and likelihood of an exploit, a risk evaluation is performed.
  - Recommendation: Our recommendation on risk remediation or mitigation and how to do this.
- Conclusion and advice: In the conclusion, Digital Innovations Global will elaborate on the results of the previous items and state guidance on the security posture of the organisation.
Stage 4: Remediation
The recommended security remediation and mitigation actions are presented through a proposed action plan. Digital Innovations Global can assist in applying the suggested remediation and mitigation actions; for example, by performing additional testing, assisted patch management, source code review, and architecture design and configuration review.
Stage 5: Rescan
After the remediation stage, a rescan is recommended to validate that all of the necessary remedial actions have been implemented successfully. This rescan is performed using the same vulnerability identification methods.
Digital Innovations Global applies industry standards and best practices as part of its infrastructure security testing and validation methodologies. We conduct white box, black box and grey box penetration testing, and implement targeted testing suitable for an organisation’s unique IT infrastructure.
We aim to provide our customers with optimal insight and actionable plans to effectively remediate and mitigate cyber security risk.