Penetration Testing

In penetration testing, our security researchers use hacking techniques to assess ALL of your application functions for complex and cross-functional vulnerabilities.

In Singapore, penetration testing is required before systems go live, to ensure their correctness against major security flaws such as data leakage, payment fraud and illegitimate access.

1. Search for complex and cross-functional vulnerabilities

  • Step 1: Preliminary proposal
    Our consultants will work with you to understand your business objectives and cyber security requirements, and tailor our service to these to deliver maximum benefit.
  • Step 2: Penetration testing
    Our consultants will first perform a deep analysis of your information networks to determine the extent of your vulnerabilities. We will attempt to exploit the identified vulnerabilities as proof of concept on the target system in a risk-controlled environment the same way a hacker would.
  • Step 3: Penetration testing report
    Our consultants will provide you with a detailed report that clearly states the vulnerabilities identified during the initial assessment and penetration tests.

2. Our Services

2.1 Web Penetration Testing (Web PT)

We use both automated penetration tools and manual penetration tests to assess your external and internal web applications to identify vulnerabilities before cybercriminals do.

The following is a non-exhaustive list of items that will be checked during web application penetration testing:

  • Injection flaws
  • Business logic vulnerability
  • Cross Site Scripting (XSS)
  • Cross Site Request Forgery (CSRF)
  • Improper authentication or session management
  • Improper access control
  • Missing encryption or improper use of cryptographic algorithm
  • Information exposure through an error message
  • Open redirects
  • Failure to restrict URL access
  • Insecure direct object references or path traversal
  • Server misconfiguration
  • Firewall rule set analysis

MK Cybersecurity will conduct additional contextual exploitations:

  • Application privilege escalation: using a normal user account to illegitimately execute admin functionality.
  • Data manipulation: attacking the application to illegitimately change its data.

2.2 Mobile Penetration Testing (Mobile PT)

We use both automated penetration tools and manual penetration tests to assess your mobile applications to identify vulnerabilities before cybercriminals do.

Our security researchers will assess Android and iOS mobile applications for security vulnerabilities against a wide and exhaustive list of threats:

  • Weak server side controls
  • Insecure data storage
  • Insufficient transport layer protection
  • Client side injection
  • Improper session handling
  • And more…

MK Cybersecurity will conduct additional contextual exploitations:

  • Application privilege escalation: using a normal user account to illegitimately execute admin functionality.
  • Data manipulation: attacking the application to illegitimately change its data.