Security Probe Services
Ireth PenTest is the division of IRETH specialized in Information and Network Security.
Our services in this area are: Security Probe, Penetration Test, Ethical Hacking and Vulnerability Assessment.



Methodology
Steps by the classic ‘Security Probe’ Methodology (OSSTMM – Open Source Security Testing Methodology Manual Open):
- Footprinting
- Scanning
- Enumeration
- Gaining Access
- Escalating Privileges
- Pilfering (*)
- Covering traces and creating back doors (*)
(*) these hacking activities are not done in an authorized security probe.



Web Application Vulnerability Assessment – WAVA (OWASP- Open Web Application Security Project)
This analysis is about custom web application. There are a lot of attacks to compromise any layer of the web application infrastructure: Web Server, Application Server, Middle Tier, Database Management System.


Application Probe: attack classes
-Cross-site scripting
- Parameter tampering
- Backdoors, debug options and bad cgi configurations
- Command injection
- Full Spidering
- Cookie poisoning
- Known Exploits
- SQL injection


Tools
All the analysis are made by senior security engineer (with a deep knowledge in hacking tecniques) and not only with simple authomatic tools because authomatic tools are good just to produce a lot of paper: only human people can reproduce the intelligence of a real attacker.

Some of tools used by our experts :
• nmap
• hping
• cain & abel
• Atstake LC5
• Exploit Always updated for specific services & applications vulnerabilities
• Keygrab
• Ethereal
• Ettercap
• Acunetix (WAVA)
• Sandcat Suite (WAVA)
KisMet for networks 802.11 (wi-fi), etc