iSecurity has many years of experience conducting network infrastructure, computing layer & application layer vulnerability assessments & penetration testing. Over the past 6 months we have conducted 7 technical vulnerability assessments and penetration tests in health care settings, including infrastructure, databases, networks, and web and mobile applications (Mobile Asthma application).
Our Technical Vulnerability Assessment (TVA) and Penetration Testing methodologies are based on aspects of the Open Source Security Testing Methodology Manual (OSSTMM) and Open Web Application Security Project (OWASP) frameworks. Approaches can include "black box" and "white box" external vulnerability assessments, internal infrastructure and network vulnerability assessments, and application vulnerability assessments.
We leverage both commercial and open source network and application scanning tools and commonly known hacking techniques in an attempt to identify security vulnerabilities in the target environments and applications.
INFRASTRUCTURE & NETWORK LEVEL ASSESSMENT
This type of testing is aimed at identifying vulnerabilities at network and base operating system level and will be performed from the following perspectives:
1. External attacker. Someone attempting to perform malicious activities from an external connection (e.g. the Internet).
2. Internal attacker. Someone having compromised external boundaries (either by hacking into the internal / DMZ environment or by having physically gained access to the premises) and attempting to perform malicious activities from within.
Network level assessments are performed using the following high-level methodology:
Figure: Infrastructure / Network Level Assessment Approach
The methodology applied to network level assessments is similar to the widely accepted OSSTMM (Open Source Security Testing Methodology Manual).
There are multiple checks under each of the categories mentioned above.