A generic definition of penetration testing or pen test is “A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system’s security, using the same tools and techniques as an adversary might”. Source:  https://en.wikipedia.org/wiki/Penetration_test

Simply put, it means simulating a security breach in an organization, and find fault-lines in the setup which make the overall system vulnerable to a cyber-attack.

Many organizations are exposed to various types of security threats and often need to contend with unauthorized access to the organization, exposure of sensitive data, data corruption, data fraud and even embezzlement, and more. 

Pen Test Services from Rooman

Rooman provides some of the following services to prevent cyber penetration of sensitive database warehouses and data theft.

Zero Day Attacks Vulnerability

Your cyber-security strategy should include defence for a zero day attack. A zero day attack refers to a cyber attack from hackers, who exploit a flaw in an application – which does not yet have a software patch or fix. Since your organization will have many systems and applications running, a defect in any one application leaves your enter system open to an attack. 

At Rooman, we believe in helping our clients in being prepared for zero day attacks. We investigate and identify of zero day attacks in the Operating System (Windows, Linux) that are not recognized by the scanning systems. We identify the patches to be installed and cleanse the system of any defective applications. 

As part of setting up a defense mechanism against zero day attacks, we also do the following:

• Set up a process in place and educate our clients to install updates to applications as soon as they are available
• Keep their security systems applications updated and current 
• Follow a rigid security policy in the organization.

Eavesdropping Reconciliation using OPC UA

Eavesdropping is an unauthorized use of sensitive information which is deemed a security breach that can be used in follow-on attacks. Our cyber security experts use TAP or via IP networks (ARP Poisoning Eth Bridging) for modbus or OPC protocol eavesdropping. OPC UA provides encryption to protect against eavesdropping. Data is protected from passive attacks such as eavesdropping, whether the data is being transmitted, in memory, or being stored.

Other Services

Some of the other services our testers and team of cyber security excel in are:

• Reverse engineering of existing threats and research and analysis of threat behavior.
• Writing spyware and Trojan Horses that are not identified by known AV.
• Identification of Trojan Horses in cellular phones and in the organization’s network. 
• Providing threat surveys to system and manufacturing processes, such as SCADA, HMI and DCS or at the terminal level PLC’s.
• Cyber forensics testing and analysis of work stations and servers, testing of protection and monitoring systems, testing of log files and event analysis of access and data theft.