This page describes WELAN’s comprehensive offensive services designed to assess the strength of systems, networks, and applications through various approaches. Using rigorous methodologies and industry tools, we identify potential vulnerabilities and assess compliance with best security practices and applicable regulations.
One-time (Type 1) or Recurring (Type 2) Tests
All the services listed below can be performed either on a one-time basis or on a recurring basis. Recurrence ensures the security level of an environment over time by addressing new security vulnerabilities that may be introduced by changes and updates.
Furthermore, recurring penetration tests can be part of a change management procedure. Many security frameworks and security policies require a security audit and/or penetration tests after any change deemed major.
Intrusion Tests
Intrusion tests, also known as pentests (short for “penetration tests”), enable the assessment of the effective security level of a system or network by simulating real attacks it may face. This helps to identify weaknesses in the evaluation perimeter and take corrective measures to strengthen security.
At WELAN, we perform various types of intrusive tests:
Web Intrusion tests
Web intrusion tests specifically target applications accessible via a browser, including:
- Showcase sites
- Business applications
- CRM or ERP
- API / Web Services
- etc.
These tests can be performed in black box or gray box. In the case of the latter, all technical layers (i.e. technical stack) are evaluated, which includes the search and evaluation of all or part of the following elements:
- DNS records
- Open-source information (e.g., elements indexed by search engines, compromised authentication data, etc.)
- Network exposure
- Middleware security flaws (i.e., web server)
- Security patching flaws in software and application components (libraries, web servers, CMS, framework, etc.)
- Application discovery - Search for hidden pages or functionality
- Application vulnerabilities (i.e., OWASP Top 10)
- Application logic flaws
External Intrusion tests
The purpose of external intrusion tests is to evaluate the level of security of a perimeter against attacks from a public network, the Internet in most cases.
In addition to web intrusion tests, these tests also include application or infrastructure services accessible from an untrusted foreign network.
In addition to tests conducted from the Internet like any attacker, this type of test can also be conducted from a partner network to evaluate the risks of an attack via the supply chain (i.e. Supply Chain Attack).
Internal intrusion tests
Internal intrusion tests are performed from a network internal to the company and/or a network considered trusted. Furthermore, these tests simulate an internal attacker such as a malicious employee or an attacker who has compromised a resource from an external network.
These tests target the internal resources of the company such as:
- Network resources - firewall, router, switch, load balancer, SSL gateway, etc.
- Infrastructure resources - DNS server, NTP server, Hypervisors, SMTP server, IPAM, etc.
- Authentication servers - Active Directory, LDAP or RADIUS
- Business services - Client management servers, ITSM tools, Document Management Tools (DMS), etc.
- OOB resources - ILO interface, iDrac or IPMI
- Workstations and administration stations
- Mobile devices
- Industrial equipment
Furthermore, this type of service makes it possible to evaluate the effectiveness of security equipment/applications such as EDRs, detection probes, or application firewalls (WAF). The tests performed can also be used to evaluate the ability of a SOC to detect weak signals in the event of an intrusion. If necessary, the auditors can adjust their posture to adopt a discreet approach or, on the contrary, a more aggressive approach.
Red Team
A Red Team engagement is a complete and realistic attack simulation aimed at evaluating an organization’s resistance to threat sources that impose no limits on perimeter, target, method, or time.
In addition to addressing technical weaknesses that may be identified during intrusion testing services, Red Team engagements also take into account the human and physical aspects of security through the realization of phishing attacks, social engineering, espionage, or physical intrusion.
Additionally, Red Team scenarios are designed to mimic the real tactics, techniques, and procedures (TTPs) used by potential attackers.
Context for conducting tests
Intrusive tests can be conducted using different approaches. Each of these has advantages and disadvantages; the choice of method depends on the objectives of the audit, time constraints, available resources, and the desired level of knowledge about the audited system or application.
Black Box
In a black box approach, testers or auditors have limited access and/or no prior knowledge of the system or application they are auditing.
They act as external attackers or unauthorized users who have no access to the source code, internal documentation, or any other detailed information about the system’s operation.
This approach simulates the behavior of an outsider to the company who is looking to exploit security flaws in the audited environment opportunistically.
Gray Box
The gray box approach is between the black box and white box approaches. Auditors have partial knowledge of the system or application, but not full access to the source code or all configuration details.
They typically have limited information about the system architecture, critical features, and security controls in place.
This approach allows auditors to combine their limited knowledge of the system with in-depth analysis techniques to identify potential vulnerabilities and assess the overall security of the system.
For example, this approach keeps auditors from being blocked at a robust authentication screen, so they can evaluate all the features of an application.
White Box
Finally, in a white box approach, auditors have complete and detailed access to the source code, system architecture, configurations, and other internal information.
They are able to examine the internal operation of the system in depth, which enables them to detect vulnerabilities, development errors, configuration weaknesses, and security gaps.
This approach provides maximum visibility into the audited perimeter, allowing for an in-depth risk analysis and precise recommendation of corrective measures.
As a general rule, the commissioning company makes its teams available to the auditors to respond to any requests during the tests.
Source Code Audit
The source code audit aims to evaluate the security level of an application by assessing the quality of its source code, particularly:
- Compliance with secure development techniques
- Compliance with company-imposed development rules
- Use of trusted third-party components (e.g. libraries, plug-ins, connectors, etc.) and up-to-date versions
In addition, particular attention is paid to the following mechanisms:
- Authentication mechanisms
- SQL query construction methods
- Session management mechanisms
- Connection mechanisms with third-party components (authentication and encryption)
- Encryption mechanisms / cryptographic algorithms (data in transit and data at rest)
- User management mechanisms
- Access control mechanisms for data and functionality
- User input filtering mechanisms
- Third-party component loading mechanisms (e.g. libraries)
- Hidden functions / debugging mechanisms
- Trace / log / journal management
- Administration mechanisms / interfaces
Unless there is a technical or organizational impossibility, source code audits combine static and dynamic analysis of the code:
- Static analysis: Auditors analyze the source code line by line to search for known vulnerabilities, programming practices that do not comply with secure development rules, or logic errors.
- Dynamic analysis: In some cases, a dynamic analysis of the code can be performed by running the application in a test environment and monitoring its behavior to identify development defects that are not or cannot be detected with certainty during a static analysis of the code.
This combined approach helps optimize audit time by clarifying how the evaluated source code behaves, which facilitates analysis.
Configuration Audit
The configuration audit aims to evaluate the security parameters of a device, system, or application.
The evaluation of security parameters is performed on the basis of:
- Best security practices applicable for the technology being evaluated
- Company policies and configuration guidelines
A configuration audit can be performed on any type of resource, such as:
- Network equipment
- Operating systems
- Workstations
- Applications and security tools.
Segmentation Tests
In the complex landscape of cybersecurity, network segmentation plays a crucial role in protecting your data and systems from cyber threats. Our segmentation tests offer an in-depth evaluation of the robustness of your network segmentation, enabling you to detect and correct potential vulnerabilities.
Network segmentation involves dividing your computer network into logical segments or zones, with distinct security policies applied to each segment. This limits the spread of attacks and reduces the attack surface, thereby enhancing the overall security of your infrastructure.
To evaluate the segmentation of your network, a methodical approach is proposed:
- Network Architecture Analysis: We examine the architecture of your network in detail to identify logical zones and communication rules between different segments.
- Firewall Rule Evaluation: We review your network’s firewall rules and filtering policies to ensure that they are properly configured and follow the principles of least privilege.
- Connectivity Testing: We perform connectivity tests to verify that only authorized data flows are allowed between segments and that filtering rules are applied appropriately.
- Evaluation of Privilege Separation: We examine privilege separation between different segments to ensure that only authorized users and services have access to appropriate resources.
Conducting segmentation tests offers several advantages:
- Early Risk Detection: Our segmentation tests enable you to detect and correct security vulnerabilities before they are exploited by attackers.
- Strengthening Protection: By identifying and correcting weaknesses in your network segmentation, you strengthen the protection of your data and systems against cyber threats.
- Compliance with Security Standards: Our segmentation tests help you comply with security standards and regulations in force regarding data protection and privacy.
- Identification of Vulnerabilities and Gaps: We identify potential security vulnerabilities and gaps in your network segmentation, such as misconfigured firewall rules, non-isolated segments, or possible bypass paths.
Vulnerability scans
In the dynamic landscape of cybersecurity, early detection and correction of vulnerabilities are crucial to maintain the security of your IT infrastructure. Our vulnerability scanning service offers an in-depth evaluation of your environment, enabling you to identify and resolve vulnerabilities before they are exploited by attackers.
A vulnerability scan is an automated process that identifies potential security weaknesses in your IT infrastructure, including systems, applications, and services. It helps detect vulnerabilities such as software security flaws, misconfigurations, missing patches, and more.
Our approach is based on several pillars:
- Asset Identification: We start by identifying all assets on your network, including servers, workstations, network devices, applications, etc.
- Automated Scans: We use specialized tools to perform an automated scan of your assets, actively searching for known vulnerabilities and security weaknesses.
- Result Analysis: We analyze the scan results to identify critical vulnerabilities, potential risks, and weaknesses in your infrastructure. This also allows for an initial sorting to identify false positives.
- Vulnerability Prioritization: We rank identified vulnerabilities based on their severity and potential impact on your environment, enabling you to prioritize remediation actions.
- Recommendations and Action Plan: We provide you with practical recommendations to remedy identified vulnerabilities, along with a detailed action plan to strengthen the security of your infrastructure.
The benefits of security scans are as follows:
- Early Threat Detection: Our vulnerability scans enable you to detect security loopholes before they are exploited by attackers, giving you a head start in protecting your infrastructure.
- Risk Reduction: By identifying and correcting security vulnerabilities, you reduce the risk of data breaches, operational disruptions, and damage to your company’s reputation.
Active Directory Audit
In a constantly evolving digital landscape, the security of your IT infrastructure is crucial. With our Active Directory audit service, we provide an in-depth analysis of your Active Directory environment to identify potential vulnerabilities and strengthen your organization’s security posture.
Indeed, Active Directory is the central pillar of many IT infrastructures, serving as a repository for users, groups, and resources within a network. As an essential component of your infrastructure, it is imperative to ensure that your Active Directory is secure against potential threats.
We conduct a comprehensive audit of your Active Directory, closely examining its configuration, permissions, group policies, user accounts, and much more. We use specialized tools and advanced methodologies to identify security gaps and potential risks. This allows:
- Vulnerability Identification: We identify potential security loopholes in your Active Directory, enabling you to take preventive measures to correct them.
- Security Enhancement: By understanding the risks associated with your Active Directory, you can implement enhanced security measures to protect your sensitive data and IT infrastructure.
- Regulatory Compliance: By ensuring that your Active Directory is compliant with security standards and regulations, you reduce the risks of non-compliance and potential penalties.
- Customized Recommendations: We provide you with personalized recommendations to improve the security of your Active Directory, taking into account your organization’s specificities and unique needs.
During our Active Directory audit, specific controls will be conducted, such as:
- Configuration Analysis: We thoroughly examine the configuration of your Active Directory to identify security settings that may be misconfigured or not optimized. This includes reviewing password policies, account lockout policies, security policies, etc.
- User Account Management: We assess user account management in Active Directory, ensuring that only authorized users have appropriate access. This includes examining account privileges, access rights, and detecting unused or unauthorized accounts.
- Group Control: We check group management in Active Directory to ensure that groups are properly configured and used appropriately. This involves examining group members, permissions granted to groups, and detecting unsecured or obsolete groups.
- Group Policy Management (GPO): We examine the Group Policy Objects (GPOs) applied in Active Directory to ensure they are properly configured and applied appropriately. This includes analyzing security settings, privacy settings, and detecting non-compliant or improperly applied GPOs.
- Access and Authorization Audit: We perform an audit of access and authorizations in Active Directory to identify users or groups with excessive or inappropriate privileges. This includes examining access control lists (ACLs), NTFS permissions, and detecting unauthorized access or attempts at privilege escalation.
- Threat and Anomaly Detection: We use advanced techniques to detect potential threats and anomalies in Active Directory, such as lateral movement detection, brute force attacks, data exfiltration attempts, etc.
Depending on the need and context, additional controls may be conducted, such as:
- Audit Log Monitoring: We examine the audit logs of Active Directory to detect suspicious activities, such as unauthorized access attempts, sensitive configuration changes, etc.
- Certificate Security: We assess certificate management in Active Directory, ensuring that they are properly issued, renewed, and revoked in accordance with the organization’s security policies.
- Directory Services Control: We check the security of directory services related to Active Directory, such as Lightweight Directory Access Protocol (LDAP), Kerberos, etc., to identify potential vulnerabilities.
- Sensitive Object Management: We examine how sensitive objects, such as administrative accounts, encryption keys, etc., are managed and protected within Active Directory.
- Replication Security: We assess the security of replications between domain controllers in the Active Directory environment to ensure they are encrypted and secured against potential attacks.
- Protection against Insider Threats: We examine the measures in place to protect Active Directory against insider threats, such as attacks orchestrated by malicious internal users or disgruntled employees.
- Backup and Restoration Policy Management: We verify the implementation of Active Directory backup and restoration policies to ensure data availability in case of disaster or data corruption.
Password auditing
Boost the strength of your password policy with our dedicated service. Passwords often represent the first line of defense against cyber attacks. With our password audit service, we offer an in-depth assessment of the strength of your password policy, helping you to strengthen the security of your IT infrastructure.
A password audit involves assessing the quality and strength of passwords used within your organization. This includes analyzing password creation practices, password policies, and detecting weak or compromised passwords.
Our approach enables us to examine existing passwords, identify potential weaknesses, and propose recommendations to strengthen password security within your organization.
This includes:
- Identification of Weak Passwords: We identify weak or predictable passwords that could be easily guessed or cracked by attackers. The following points will be addressed:
  - Analysis of Existing Passwords: We start by examining the existing passwords used by users within your organization. This may include passwords for user accounts, administrative accounts, services, etc.
  - Use of Password Cracking Tools: We use specialized password cracking tools to assess the strength and robustness of existing passwords. These tools can perform brute force attacks, dictionary attacks, or other techniques to test password resistance.
  - Analysis of Password Complexity: We assess password complexity by analyzing factors such as length, character diversity (uppercase and lowercase letters, numbers, special characters), and the use of predictable sequences or patterns.
  - Identification of Common or Predictable Passwords: We search for commonly used or predictable passwords, such as ‘password’, ‘123456’, passwords based on personal information like the user’s name or birthdates, or passwords based on simple keyboard sequences.
- Evaluation of Password Policy: We evaluate the strength of your password policy, including complexity requirements, validity periods, and account locking mechanisms. Additionally, we compare identified passwords with your organization’s password policy requirements. If a password does not meet the specified complexity or length criteria, it is considered weak.
- User Awareness: We provide recommendations and advice to users to help them create and manage strong and secure passwords.
- Compliance with Security Standards: By ensuring that your passwords adhere to best security practices and industry standards, you enhance your organization’s security and reduce the risk of data breaches.
At the end of the audit, we generate a detailed report listing identified weak passwords, along with recommendations to strengthen them. This may include advice on creating strong passwords, implementing stricter password policy requirements, or providing training to raise awareness among users about the importance of password security.
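As an added illustration (not WELAN's tooling), the following sketch applies the checks listed above to candidate passwords: length, character diversity, common passwords, keyboard sequences and personal information. The policy thresholds, word list, keyboard rows and account names are constructed assumptions, and the per-account report lists findings only, never the password itself.

```python
import re
from dataclasses import dataclass

# Constructed sample data: a tiny common-password list and keyboard/alphabet rows.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome"}
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz"]


@dataclass(frozen=True)
class Policy:
    """Hypothetical policy thresholds; replace with the organization's own."""
    min_length: int = 12
    min_classes: int = 3      # of: lowercase, uppercase, digit, special
    sequence_limit: int = 4   # a keyboard/alphabet run this long is flagged


def char_classes(password):
    """Count how many of the four character classes the password uses."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(bool(re.search(p, password)) for p in patterns)


def longest_sequence(password):
    """Longest substring that follows a row in ROWS, forwards or backwards."""
    low, best = password.lower(), 0
    for row in ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(low)):
                j = i + best + 1
                while j <= len(low) and low[i:j] in seq:
                    best, j = j - i, j + 1
    return best


def audit(password, policy=Policy(), personal=()):
    """Return the list of weaknesses found for one password."""
    low = password.lower()
    letters = re.sub(r"[^a-z]", "", low)   # "Password1!" -> "password"
    findings = []
    if len(password) < policy.min_length:
        findings.append("too_short")
    if char_classes(password) < policy.min_classes:
        findings.append("low_diversity")
    if low in COMMON or letters in COMMON:
        findings.append("common_password")
    if longest_sequence(password) >= policy.sequence_limit:
        findings.append("keyboard_sequence")
    if any(len(t) >= 3 and t.lower() in low for t in personal):
        findings.append("personal_info")
    return findings


def audit_accounts(accounts, policy=Policy()):
    """Map account -> findings; the report never echoes the password itself."""
    report = {}
    for name, (password, personal) in accounts.items():
        findings = audit(password, policy, personal)
        if findings:
            report[name] = findings
    return report


# Constructed accounts: name -> (password, personal tokens such as names).
SAMPLE = {
    "svc-backup": ("123456", ()),
    "alice": ("Qwerty!2024Alice", ("alice",)),
    "bob": ("Violet-Kettle-93-Harbor", ("bob",)),
}

if __name__ == "__main__":
    for account, findings in audit_accounts(SAMPLE).items():
        print(account, findings)
```
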