It is the process of exploring or confirming the target for which the hack will be performed. Conduct a meeting to clarify the details and risks of penetration testing. It also defines the Rule of Engagement (ROE) or rules or agreements for joint testing to determine the context of testing together and plan the work. And request to take action from the agency for approval.

After obtaining data from previous activities to initiate a vulnerability analysis in the target and develop a detailed threat, a team of penetration testers before starting the next step, the relevant persons in the agency will be notified.

It is a verification step and collects the accuracy of the URL or IP Address, or Basic Host to confirm the received target is correct. Including searching and checking the type of target system. Including identifying potential attack paths (Attack Surface) and being able to plan and choose a course of action for the next steps. If the audited targets do not match those assigned, We will check with the responsible person before proceeding to the next stage.

It is a deep dive into the weak points of each channel. To provide methods for attacking weaknesses or access to systems such as Buffer overflow, Code Injection, SQL Injection, Use-After-Free, Weak Password, Weak Security Mechanism, etc.

It is a hybrid approach test, which is a test using an automated tool (Automate Tool) and the expertise of personnel (Human Skill) and collecting evidence from the test. This combined test There are advantages over penetration testing using only penetration testing tools:

​

• Using tools alone and generating reports is less accurate because each vulnerability is not tested. This results in a large number of false positives reported, unlike the manual test in which the use of the tools is only one step in the test. The results of the scan must be proven to be a real vulnerability.

• Able to find vulnerabilities that tools can't find, such as vulnerabilities related to Business Logic or Broken Access Control, which testing requires understanding the design, operation, and user matrix for accessing data of each user (Roles)

• It can be used to correlate the vulnerabilities found to match with the tester's information and understanding of the application, which can be further used to find more important information, including credentials, or can choose to use more specialized tools to search for channels. It can also take the information obtained and Customize the tool to find the vulnerability.

This is to bring the results from the previous steps to prepare a report. It provides a risk-level analysis with explanations and methods for resolving the detected weaknesses.

AlphaSec will perform an audit to verify the vulnerability results. Or provide additional advice if necessary so that customers can be confident that the detected vulnerabilities are fixed correctly and efficiently, reducing the risk to a level acceptable to the customer.

​

AlphaSec has expertise in penetration testing. With more than 20 years of experience and received many certificates certifying competence. Passed many of the country's leading organizations' penetration tests to ensure that customers will receive a penetration testing service from us at an international standard.