Trust Stamp Penetration Test Services
The Trust Stamp Penetration Test service is a unique test designed especially for companies that operate in the e-commerce industry. It is a crucial routine test that must be carried out every quarter alongside the once-a-year Trust Stamp implementation.
Internet Security Testing Services
The Internet Security Testing service is carried out to identify and analyse possible vulnerabilities, test systems with manual methods, and offer and implement solutions. This test is carried out over all the information systems of the organisation that are accessible through the internet.
The test is conducted on all information systems that can be accessed over the internet, and the following procedure is followed:
- Identification of security vulnerabilities
- Testing the identified security vulnerabilities with manual methods
- Analysing the testing of vulnerabilities and ranking them according to their criticalities
- Providing a detailed report with simplified explanations and required actions to eliminate each of these vulnerabilities.
After the necessary actions are taken, a verification check will be performed, and a detailed report will be submitted about the elimination or continuation of pre-identified risks and vulnerabilities.
Together with these tests, the security of the web applications is also tested. In cases where web application tests are going to be performed, detailed and separate reporting and efforts will be carried out under the web application security tests heading.
Both tests are carried out remotely and from our offices. There is no need to visit the source of the services or systems. Thus, your business operations will not be interrupted by any means.
We carry out all our tests in accordance with our “MS Internet Security Test Methodology”.
Local Network Security Testing Services
This is security testing carried out over the local networks of your organisation to identify and analyse possible vulnerabilities, test systems with manual methods, and offer and implement solutions.
The test is conducted on all information system components as a coverage service, and the following procedure is followed:
- Identification of security vulnerabilities
- Testing the identified security vulnerabilities with manual methods
- Analysing the testing of vulnerabilities and ranking them according to their priority
- Providing a detailed report with simplified explanations and required actions to eliminate each of these vulnerabilities
After the necessary actions are taken, a verification check will be performed, and a detailed report will be submitted again about the elimination or continuation of pre-identified risks and vulnerabilities.
Based on the request of the organisation, these testing services can be provided in black, grey, and white box tests form.
Together with Local Network Security tests, the security of the web applications is also tested. In cases where the web application test is going to be performed, detailed and separate reporting and efforts will be carried out under the web application security tests protocol.
Local Network Security tests are carried out on-site, where your network is located within your business.
We carry out all our tests in accordance with our “MS Local Network Security Test Methodology”.
Wireless Network Security Testing Services
The Wireless Network Security Testing service evaluates user behaviors, access controls, wireless networks, and configurations. Additional tests, such as password cracking tests and attack tests through wireless networks, are carried out to identify and analyse possible vulnerabilities, test systems with manual methods, and offer and implement solutions.
The test is conducted on the wireless networks of the organisation, and the following procedure is followed:
- Identification of security vulnerabilities
- Testing the identified security vulnerabilities with manual methods
- Analyzing the testing of vulnerabilities and prioritising them according to their criticalities
- Providing a detailed report with simplified explanations and required actions to eliminate each of these vulnerabilities
After the necessary actions are taken, a verification check will be performed, and a detailed report will be submitted again about the elimination or continuation of pre-identified risks and vulnerabilities.
All these tests are carried out remotely and from our offices. There is no need to visit the source of the services or systems. Thus, your business operations will not be interrupted by any means.
We carry out all our tests in accordance with our “MS Wireless Network Security Test Methodology”.
Web Application Security Testing Services
Web Application Security Testing services focus on finding weaknesses in the web applications of the organisation with different user profiles to identify and analyze possible vulnerabilities, test systems with manual methods, and offer and implement solutions.
The test is conducted on the internet and local networks of the organisation, and the following procedure is followed:
- Identification of security vulnerabilities
- Testing the identified security vulnerabilities with manual methods
- Analyzing the testing of vulnerabilities and ranking them according to their criticalities
- Providing a detailed report with simplified explanations and required actions to eliminate each of these vulnerabilities
After the necessary actions are taken, a verification check will be performed, and a detailed report will be submitted again about the elimination or continuation of pre-identified risks and vulnerabilities.
All these tests can be repeated with new user profile types that are available in the application.
If online access is granted or available, all these tests are carried out remotely and from our offices. If on-site testing is requested, Web Application Security tests are carried out on-site, where your network is located within your business.
We carry out all our tests in accordance with our “MS Web Application Security Test Methodology”.
Mobile Application Security Testing Services
Mobile Application Security Testing services focus on finding weaknesses in the web applications of the organisation with different user profiles to identify and analyse possible vulnerabilities, test systems with manual methods, and offer and implement solutions.
The test is conducted on the mobile applications of the organisation, and the following procedure is followed:
- Identification of security vulnerabilities
- Testing the identified security vulnerabilities with manual methods
- Analysing the testing of vulnerabilities and ranking them according to their criticalities
- Providing a detailed report with simplified explanations and required actions to eliminate each of these vulnerabilities
After the necessary actions are taken, a verification check will be performed, and a detailed report will be submitted again about the elimination or continuation of pre-identified risks and vulnerabilities.
All these tests can be repeated with new user profile types that are available in the application.
All these tests are carried out remotely and from our offices.
We carry out all our tests in accordance with our “MS Mobile Application Security Test Methodology”.
Industrial Control Systems (ICS/SCADA) Security Testing Services
Industrial Control Systems (ICS/SCADA) Security Testing services focus on the industrial control systems (ICS) of the organisation to identify and analyse possible vulnerabilities, test systems with manual methods, and offer and implement solutions.
The test is conducted on the industrial control systems of the organisation, and the following procedure is followed:
- Identification of security vulnerabilities
- Testing the identified security vulnerabilities with manual methods
- Analyzing the testing of vulnerabilities and ranking them according to their criticalities
- Providing a detailed report with simplified explanations and required actions to eliminate each of these vulnerabilities
After the necessary actions are taken, a verification check will be performed, and a detailed report will be submitted again about the elimination or continuation of pre-identified risks and vulnerabilities.
In general, it is ideal to carry out these tests in an environment that bears the same characteristics as the actual structure.
However, if this cannot be achieved or accessed, tests will be carried out on the actual systems with passive methodology.
All these tests are carried out on-site, where the operation takes place within your business.
We carry out all our tests in accordance with our “MS ICS Application Safety Test Methodology”.
Social Engineering Testing Services
Social Engineering Testing services focus on measuring the knowledge and awareness of your personnel about information security in order to identify and analyse possible vulnerabilities, test systems with manual methods, and offer and implement solutions.
This testing service is directly provided to personnel who are chosen by your organisation.
The knowledge of your personnel can be determined through various methods, such as requesting information by call or email and assessing their response. The awareness of your personnel can also be tested through their reaction in managing portable data storage devices inside your offices. This information about your personnel will be kept confidential.
A detailed report with statistics will be presented to your organisation.
Information gained during this procedure is not shared with the chosen personnel.
The tests required will determine whether they can be carried out remotely or on-site.
We carry out all our tests in accordance with our “MS Social Engineering Test Methodology”.
Distributed Denial of Service (DDoS) Testing Services
Distributed Denial of Service (DDoS) Testing services evaluate the effectiveness of the security measures of the organisation and their possible efficiency in real-life scenarios.
Details about the Distributed Denial of Service (DDoS) tests that can be conducted on the systems of your organisation:
This is a process whereby an attack is performed on the resources of your systems such as the memory, the processor, and bandwidth to test whether these resources may become accessible to possible hackers.
Multiple computers are used in the process to create real-life scenarios and collect data for proper reporting which will be submitted to your organisation with the results.
All these tests are carried out remotely and from our offices. There is no need to visit the source of the services or systems.
We carry out all our tests in accordance with our “MS DDoS Test Methodology”.
Continuous Vulnerability Analysis Services
Continuous Vulnerability Analysis services are built within the organisation to identify and analyse possible vulnerabilities in the server and network components and during the visit of GTH personnel and offer and implement solutions.
The location of this service is determined by the organisation itself.
During the analysis, vulnerabilities will be scanned at regular intervals and detailed scan reports will be presented.
Two different methods can be used during the analysis. The organisation can use its own scanning application, or we can provide our own MS scanning tool for identifying the vulnerabilities.
Regardless of which method you prefer, aperture scanning tools must be used to identify new vulnerabilities.
We carry out all our services in accordance with our “MS Continuous Vulnerability Analysis Methodology”.
Border Security Components Event Analysis Services
Border Security Components Event Analysis services focus on measuring the effectiveness of the security components of the organisation and the PICUS component on the internet. PICUS component efficiency is measured by attack scenarios on the predetermined network segments running on the local network. Besides measuring the efficiency, all activities are also recorded.
Note: PICUS must be performed at the location of the organisation.
Web Application Load Balance Test Services
Web Application Load Balance Test services focus on the information systems that can affect the accessibility and overall performance of the application. Services are carried out within the application of the organisation and real-life scenarios are adopted in line with the user behaviors.
The organisation needs to determine a set of users so that Web Application Load Balance Test services can be conducted.
The main purpose of the service is to test the accessibility status of the application.
Services are carried out in predetermined scenarios and detailed data is recorded.
All these tests are carried out remotely and from our offices.
We carry out all our tests in accordance with our “MS Web Application Load Balance Test Methodology”.
Software Source Code Analysis Services
Software Source Code Analysis services are carried out on the software of the organisation, and a detailed analysis of the code vulnerabilities is performed. If requested, the analysis can be executed on the running systems to identify and analyse possible vulnerabilities, test systems with manual methods, and offer and implement solutions.
If the organisation provides the source code, the analysis is carried out remotely and from our offices. If not, the analysis is carried out on-site with a temporary installation of a static code analysis tool.
We carry out all our services in accordance with our “MS Software Source Code Analysis Methodology”.
Malicious Traffic Analysis Services
Malicious Traffic Analysis services focus on monitoring the network traffic of the organization for a predetermined period and sandboxing the detected files. Sandbox technology runs on virtual machines and allows the analysis of the network traffic, identifying, preventing, and reporting possible attacks.
We carry out all our tests in accordance with our “MS Malicious Traffic Analysis Test Methodology”.
Cyber Security Practice Services
Cyber Security Practice services focus on the measurement and evaluation of the existing cyber security infrastructure of the organisation together with the detection, intervention, and return capabilities of the technologies and processes with simple simulation methods.
The purpose of this service is to detect the possible security vulnerabilities and incidents in advance and predict the possible outcomes of these vulnerabilities and incidents on the organisation and its operations. Moreover, it focuses on how to intervene and manage possible incidents.
This service also measures the following factors:
- Event detection abilities and capabilities
- Event response abilities and capabilities
- Return abilities and capabilities
Cyber Security Practice services also test the compliance with institutional CSIRT and sectoral CSIRT guidelines as well as evaluate them under human/process and/or technical aspects.
This service provides the following benefits in case of any real cyber security incident that takes place in the organisation:
- Identifying the roles, activities, and processes the organisation needs
- Identifying possible dilemmas your organization may have to face
- Identifying the requirements that must be adopted by the organization
Cyber Security Practice services are carried out under three headings:
- Real-life attack scenarios
- Desk scenarios
- Simulation scenarios
Red Team Service
This is a crucial service in determining the vulnerabilities of any system. It measures the effectiveness of your security system by conducting controlled, realistic tests and identifying possible internal and external threats that an organisation may suffer. This service simulates the motivation of real attackers, taking into consideration the various tools, techniques, and strategies, which may vary from attacker to attacker.
Using this service, a cyber security strategy is determined, and measures are taken. The entire process complies with CSIRT and CSOC structures. Thus, vulnerabilities that arise from humans, processes, or technologies can be identified and rapid measures can be taken by performing a real and controlled attack on the existing system.
Red Team Service identifies the units responsible for the security of the organisation by carrying out human, process, technology, and physical security measures such as IT, OT, IoT, which are available within the organization.
However, it is worth noting that the motivation of real attackers is highly different compared to the specialists who carry out infiltration tests. This is why real attackers can be successful in their attempts even when the identified vulnerabilities are covered and eliminated at the end of the tests.
Internet of Things (IoT) Security Testing Services
Internet of Things (IoT) Security Testing services focus on the security of embedded systems, devices, and objects that include sensors, network connection, and software, and that are capable of gathering and processing information within the organisation.
Within the scope of this service, the following fields are tested:
- Security of web interfaces
- Security of personal data
- Security of cloud interfaces
- Security of configuration
- Security of software and firmware
- Authorization mechanisms
- Network services
- Cryptographic mechanisms used in the communication
- Physical security issues