top of page

Penetration Testing

Home

Penetration Testing

บริการทดสอบเจาะระบบ (pentest) และตรวจสอบช่องโหว่ของระบบ(va) สารสนเทศ ระบบเครือข่าย โมบายแอพพลิเคชั่น เว็บแอพพลิเคชั่น

Penetration testing and Vulnerability Assessment Services

Benefits of Penetration Testing
  1. To improve the security measures of the organization's information technology system to be able to prevent real threats through vulnerabilities.

  2. It is an independent audit of the security of the system by an external auditor.

  3. Raising security awareness to improve the system all the time.

  4. To get advice on security

  5. Reduce legal risks and raise awareness among service providers

  6. Support compliance with ISO/IEC 27001, PCI DSS, and various laws.

  7. It is the performance of the contract or the terms of service of the customer.

  8. To prove that the system has risks and use it as investment information

AlphaSec has the following procedures for penetration testing and vulnerability testing.

บริการทดสอบเจาะระบบ (pentest) และตรวจสอบช่องโหว่ของระบบ(va) สารสนเทศ ระบบเครือข่าย โมบายแอพพลิเคชั่น เว็บแอพพลิเคชั่น
Carry out Planning
Step 1

It is the process of exploring or confirming the target for which the hack will be performed. Conduct a meeting to clarify the details and risks of penetration testing. It also defines the Rule of Engagement (ROE) or rules or agreements for joint testing to determine the context of testing together and plan the work. And request to take action from the agency for approval.

 

After obtaining data from previous activities to initiate a vulnerability analysis in the target and develop a detailed threat, a team of penetration testers before starting the next step, the relevant persons in the agency will be notified.

บริการทดสอบเจาะระบบ (pentest) และตรวจสอบช่องโหว่ของระบบ(va) สารสนเทศ ระบบเครือข่าย โมบายแอพพลิเคชั่น เว็บแอพพลิเคชั่น
Conduct Research
Step 2

It is a verification step and collects the accuracy of the URL or IP Address, or Basic Host to confirm the received target is correct. Including searching and checking the type of target system. Including identifying potential attack paths (Attack Surface) and being able to plan and choose a course of action for the next steps. If the audited targets do not match those assigned, We will check with the responsible person before proceeding to the next stage.

บริการทดสอบเจาะระบบ (pentest) และตรวจสอบช่องโหว่ของระบบ(va) สารสนเทศ ระบบเครือข่าย โมบายแอพพลิเคชั่น เว็บแอพพลิเคชั่น
Identify Vulnerability
Step 3

It is a deep dive into the weak points of each channel. To provide methods for attacking weaknesses or access to systems such as Buffer overflow, Code Injection, SQL Injection, Use-After-Free, Weak Password, Weak Security Mechanism, etc.

บริการทดสอบเจาะระบบ (pentest) และตรวจสอบช่องโหว่ของระบบ(va) สารสนเทศ ระบบเครือข่าย โมบายแอพพลิเคชั่น เว็บแอพพลิเคชั่น
Exploit Weakness
Step 4

It is a hybrid approach test, which is a test using an automated tool (Automate Tool) and the expertise of personnel (Human Skill) and collecting evidence from the test. This combined test There are advantages over penetration testing using only penetration testing tools:

  • Using tools alone and generating reports is less accurate because each vulnerability is not tested. This results in a large number of false positives reported, unlike the manual test in which the use of the tools is only one step in the test. The results of the scan must be proven to be a real vulnerability.

  • Able to find vulnerabilities that tools can't find, such as vulnerabilities related to Business Logic or Broken Access Control, which testing requires understanding the design, operation, and user matrix for accessing data of each user (Roles)

  • It can be used to correlate the vulnerabilities found to match with the tester's information and understanding of the application, which can be further used to find more important information, including credentials, or can choose to use more specialized tools to search for channels. It can also take the information obtained and Customize the tool to find the vulnerability.

บริการทดสอบเจาะระบบ (pentest) และตรวจสอบช่องโหว่ของระบบ(va) สารสนเทศ ระบบเครือข่าย โมบายแอพพลิเคชั่น เว็บแอพพลิเคชั่น
Report Finding
Step 5

This is to bring the results from the previous steps to prepare a report. It provides a risk-level analysis with explanations and methods for resolving the detected weaknesses.

บริการทดสอบเจาะระบบ (pentest) และตรวจสอบช่องโหว่ของระบบ(va) สารสนเทศ ระบบเครือข่าย โมบายแอพพลิเคชั่น เว็บแอพพลิเคชั่น
Remediate Issues
Step 6

AlphaSec will perform an audit to verify the vulnerability results. Or provide additional advice if necessary so that customers can be confident that the detected vulnerabilities are fixed correctly and efficiently, reducing the risk to a level acceptable to the customer.

AlphaSec has expertise in penetration testing. With more than 20 years of experience and received many certificates certifying competence. Passed many of the country's leading organizations' penetration tests to ensure that customers will receive a penetration testing service from us at an international standard.

bottom of page