PENTEST
Penetration testing, or pentest, is an authorized simulation of external attacks on a company's information systems and applications (desktop, web, and mobile), carried out to find vulnerabilities and analyze the level of technical security. The result is a multilayered report containing an analysis of the actual security of the business against external attacks and practical recommendations to limit threats and eliminate vulnerabilities.
1. Gathering information
2. Threat modeling
3. Vulnerability analysis
4. Exploitation
5. Post exploitation
6. Reporting
Methodology
The following steps have to be applied:
Reconnaissance
Configuration and Deploy Management Testing
Identity Management Testing
Authentication Testing
Authorization Testing
Session Management Testing
Data Validation Testing
Client-Side Testing
Error Handling
Business Logic Testing
Exchange-Specific Functionality Testing
The following functionality has to be checked:
Authentication
Verification
Account
Security Settings
Wallet
Trading
API
Penetration test validity requirements
Reconnaissance
Configuration and Deploy Management Testing
Identity Management Testing
Authentication Testing
Authorization Testing
Session Management Testing
Data Validation Testing
Client-Side Testing
Error Handling
Business Logic Testing
Exchange-Specific Functionality Testing