What do Security Test Services offer? What type of results are obtained with Security Test Services?

11/08/2020

Barikat Cyber Security offers Security Test Services to many organizations in different sectors. In this blog article, we will share the test services requested by organizations and the findings from those tests. Security Test Services are integrated, product-independent services that test information systems against the three main principles of information security (confidentiality, integrity, and availability), identify existing security gaps before cyber attackers do, and offer suggested solutions for eliminating those gaps.

Barikat Cyber Security offers security services in the fields of internet, local network, web applications, wireless networking, DDoS, mobile applications, software source code analysis, continuous vulnerability analysis, malicious traffic analysis, red team, etc.

The relevant studies were prepared at the request of organizations in various sectors such as finance, public administration, e-commerce, energy, and communication. The Security Test Services requested by organizations are as follows:

  • Internet Security Tests: They examine the data of organizations which are accessible from the internet.
  • Local Network Security Tests: They examine the data of organizations which are accessible from their local networks.
  • Mobile & Web Application Security Tests: They examine the data of organizations which are accessible through web applications.
  • Web Service/API Security Tests: They examine data on problems that might occur in organizations' web applications.
  • Wireless Networking Security Tests: They assess the access controls and configuration of an organization's wireless networks, user behavior, and password cracking tests, and examine data from test attacks that might be made against the organization's network over the network.

The results obtained within the scope of these tests are labeled as urgent, critical, high, or medium level findings according to their importance. Across the relevant tests, the results were labeled 3% urgent, 16% critical, 59% high, and 16% medium. Broken down by test type, the findings were as follows:

  • Internet Security Tests: 14% with critical, 43% with high and 43% with medium importance level,
  • Web Application Security Tests: 14% with urgent, 17% with critical, 33% with high and 36% with medium importance level,
  • Web Service Security Tests: 66% with high and 34% with medium importance level,
  • Local Network Security Tests: 5% with critical, 94% with high and 1% with medium importance level,
  • Wireless Networking Security Tests: 66% with high and 34% with medium importance level,
  • Mobile Application Security Tests: 4% with urgent, 14% with critical, 29% with high and 53% with medium importance level,
  • Software Source Code Analysis: 53% with critical, 22% with high, and 25% with medium importance level.

For DDoS and load tests, the assessment examines whether the system protection is successful. The tests conducted in this context gave the following results:

  • DDoS Tests: 39% were successful, 61% were unsuccessful.
  • Web Application Load Tests: 50% were successful, 50% were unsuccessful.

The Social Engineering Test is a test service conducted on all employees of an organization, or on a part of them selected through sampling. It aims to measure the personnel's level of information security awareness by using various deception techniques. Findings were obtained by using e-mail and telephone. The tests conducted in this context gave the following results:

  • E-mail: In the e-mail scenario, a three-stage test was conducted: opening the e-mail, clicking the link in the opened e-mail, and filling out a form after clicking. 30% of the users who received the e-mail opened it, 90% of those who opened it clicked the link, and 14% of those who clicked the link filled out the form.
  • Telephone: In the telephone scenario, people were asked for their passwords. 75% of the users reached by telephone gave their passwords.

In addition to all this information, a zero-day vulnerability was found for a customer in the energy sector during a similar assessment period. The CVSS v3.0 Base Score of the zero-day vulnerability found during the penetration tests was specified as 8.1.

Barikat Cyber Security offers suggested solutions for the findings. We hope that this blog article will help organizations see common weaknesses.

Please contact us for more information about our Security Test Services.

*Tests conducted in the June 2020 period were included in the assessment as a sample.