Document Actions
Assessment
Emaze services in Assessment field are customized with the client's need, determining with him the way and the purpose of tests.
It's possible to determine different levels of Penetration Test still the Ethical Hacking, according to the techniques and time requested to Emaze.
Penetration Test
A Penetration Test is articulated in many fields, depending to the client's objective for this advise.
The aspects investigated can be:
The Emaze Assessment activities are conducted by an experted staff, that publishes papers on specialized journals in Italy and in foreign countries.
Vulnerability Assessment
The Vulnerability Assessment (VA) determines the vulnerabilities of informatics systems. These vulnerabilities are used for informatics attacks by automatic software (worm) and attackers.
Using tools and verifying manually it's possible to determine the vulnerabilities implemented but not subjected to a security patching/fixing and to purpose a resolving patch plan. The activities of Vulnerability Assessment are periodically executed to monitor the security and patching level of the different element of the informative system.
A correct activity of Vulnerability Assessment must concern the servers, the workstations, the networking equipment and it must be always made on the new systems on the network. Emaze proposes also report of corporate assets for the management structure to give an exact condition of the information security also without technical details.
It's possible to determine different levels of Penetration Test still the Ethical Hacking, according to the techniques and time requested to Emaze.
Penetration Test
A Penetration Test is articulated in many fields, depending to the client's objective for this advise.
The aspects investigated can be:
- Points of attacks: Internet, Intranet, Extranet, physic
- Type of Network: wired, wireless and dial-up (RAS, modem, PBX, etc.)
- Target: Operating System, services, network protocols, perimetric infrastructures protection and applications.
- Knowledge: White or black box
- Threat Level: hight danger attack
- Attack: PT framework, tool, manual attacks, development and use of private exploits
- DoS: Denial of Service attacks
- Malware: use of worm, trojan, keylogger, backdoor, rootkit, etc...
- Client: attack to client and software similar as web browser, email client and messaging service
- Incident Response and Computer Forensics: attacks to verify private vulnerabilities and development of exploit and 0days
- Disaster Recovery: attacks to verify the effectiveness of backup procedures, disaster recovery and business continuity
- Social Engineering: attacks based on interpersonal relation permit to verify the correct use of opportune policies, procedures and user awareness
The Emaze Assessment activities are conducted by an experted staff, that publishes papers on specialized journals in Italy and in foreign countries.
Vulnerability Assessment
The Vulnerability Assessment (VA) determines the vulnerabilities of informatics systems. These vulnerabilities are used for informatics attacks by automatic software (worm) and attackers.
Using tools and verifying manually it's possible to determine the vulnerabilities implemented but not subjected to a security patching/fixing and to purpose a resolving patch plan. The activities of Vulnerability Assessment are periodically executed to monitor the security and patching level of the different element of the informative system.
A correct activity of Vulnerability Assessment must concern the servers, the workstations, the networking equipment and it must be always made on the new systems on the network. Emaze proposes also report of corporate assets for the management structure to give an exact condition of the information security also without technical details.