We set strict requirements for our consultants!

MesterWeb AS aims to be "best in class" at security testing of CMSs, web applications and web servers. This requires in-depth knowledge of web-based security, but we also emphasise a broad base of competence in each individual. With a broad field of competence, one is better able to understand the "cycle" and the dynamic processes within IT security.

 

Only the best is good enough!

The person responsible for the security test is a certified Cisco CCNP with the written CCIE exam (Cisco CCIE is often referred to as the doctorate of IT security), Master CIW Administrator, Microsoft Certified Systems Engineer, Certified Security Analyst and Master CIW Designer.
 

Here is an overview of our certifications:

Cisco Certified Network Professional (Cisco CCNP)

Cisco Certified Internetwork Expert (Cisco CCIE Written)

Microsoft Certified Systems Engineer (Microsoft MCSE)

Citrix Certified Administrator (Citrix CCA)

Master CIW Administrator

Master CIW Designer

CIW Security Professional

CIW Security Analyst

CIW Internetworking Professional

CIW E-Commerce Professional

Certified Ethical Hacker

Licensed Penetration Tester

Certified Internet Webmaster

 

What is required of our consultants?

To perform a security check for our customers, a consultant must document competence in the following topics:

 

Security testing methodologies
• The Ethical Hacking Profession
• Passive Intelligence Gathering – 2007 Version
• Network Sweeps
• Stealthy Network Recon
• Passive traffic identification
• Identifying system vulnerabilities
• Abusing Domain Name System (DNS)
• Abusing Simple Network Management Protocol (SNMP)

Introduction to Remote Exploits
• Engineering remote exploits
• Running shellcode in RAM vs. on disk
• Heap Buffer Overflows
• Compromising Windows 2003 Server Systems
• Compromising Solaris Unix and Linux Systems
• Attacking RDP (Remote Desktop Protocol) in Windows XP, 2003 & Vista
• Windows password weaknesses & Rainbow Tables
• Unix password weaknesses
• Attacking Cisco’s IOS password weaknesses


Trojan genres
• Windows, Unix and Linux Trojans
• Kernel Mode Windows Rootkits – System Call Hijacking and Direct Kernel Object Modification
• Kernel Mode Linux Rootkits
• Covert communication channels
• Spoofing endpoints of communication tunnels
• Tunneling through IPSec VPNs by abusing ESP
• Steganographic Tunnels
• Remote command execution
• Sniffing and hijacking SSL encrypted sessions
• Installing sniffers on low privilege account in Windows 2003 Server
• Stealthy Remote keylogger installation
• Circumventing Antivirus

Modifying syslog entries
• Raw binary editing to prevent forensic investigations
• Editing the Windows Event Log
• Abusing Windows Named Pipes for Domain Impersonation
• Impersonation of other Users – Hijacking kernel tokens
• Disguising network connections
• Attacking Cisco IOS
• Attacking STP & BGP protocols
• Wireless Insecurity
• Breaking Wireless Security – WEP, WPA, WPA2
• Blinding IDS & IPS
• Attacking IDS & IPS

Malicious event log editing
• Binary filesystem modification for anti-forensics
• Named Pipe abuse
• Kernel Token Hijacking
• Attacking Border Gateway Protocol (BGP)
• Attack WEP
• Cracking WPA
• Cracking WPA2
• Cisco IOS Exploits
• Breaking into Cisco routers
• Blinding IPS
• Attacking IPS

Abusing Web Applications
• Attacking Java Applets
• Breaking web app authentication
• SQL Injection techniques
• Modifying form data
• Attacking session IDs
• Cookie stealing
• Cross Site Scripting
• Cross Site Request Forgery (CSRF) Attacks

Remote buffer overflow exploit lab
• Custom compiling Shellcode
• Running payloads in RAM
• Hiding exploit payloads in jpeg and gif image files
• Attacking email vectors (Lotus Notes and Microsoft Exchange, and Outlook Web Access)
• Registry manipulation
• Client side IE & Firefox exploits
• Using custom Trojans to circumvent Antivirus
• Remote kernel overflows
• RDP (Remote Desktop Protocol) Exploitation
• Cracking Windows Passwords
• Building Rainbow Tables
• Cracking Windows 2003 native mode passwords
• Brute forcing salted Unix passwords
• Attacking Kerberos Pre-Auth Hashes
• Cracking IOS and PIX passwords

• Compromise a DMZ setting with port redirection
• Circumvent firewall IP access list (ACL)
• Customizing Trojans to avoid Antivirus
• Deploying kernel mode rootkits on Windows 2003 & Vista
• Installing LKM rootkits on Linux servers
• Hijacking MSN messenger traffic
• Running commands remotely
• Breaking wireless encryption – WEP, WPA, WPA2
• Installing sniffers in low privilege user accounts
• Sniffing remotely and retrieving results
• Remote keylogging
• Tunneling with covert channels through IPSec VPNs
• Hijack and capture SSL traffic


Network Sweeping
• Scanning from spoofed IP addresses
• Stealthy Recon
• Injecting p0f for passive OS fingerprinting
• Scanning through firewalls
• IPv6 Scanning
• Discover all subdomains owned by an organization
• Inspect changes to whois record over last 3 years
• Windows 2003 Server & Vista DNS Cache Poisoning Attacks
• Pumping SNMP for data – OID Dissection
• Attacking SNMP

 


 
MesterWeb is a division of Media Total AS. MesterWeb offers search engine optimisation and search engine marketing.