- National Methodological Approaches
  - TSE (TS-13638)
  - SOME Guide Published by Civil Aviation
  - BRSA (Banking Regulation and Supervision Agency) Circular on Penetration Tests Regarding Information Systems
- International Methodological Approaches
  - NIST 800-115
  - OSSTMM (Open Source Security Testing Methodology Manual)
  - ISSAF (Information Systems Security Assessment Framework)
  - OWASP Testing Guide
  - SCADA Methodology
Penetration tests based on national and international methodologies are applied using the following 3 main methods.
- Black Box
In this approach, the test team is initially given no information about the systems to be tested. The team is expected to collect information about a completely unknown system and then test it. Because the test team has no information about the system, there is a possibility of accidentally damaging it. The information-gathering phase takes a lot of time, which makes this the longest test approach in terms of duration.
- Gray Box
- White Box
In this approach, the security test team is fully informed about the system itself and the additional technologies running in the background. It provides greater benefit to the institution and the company than the Black Box technique. Because errors and vulnerabilities are easier to find, the time needed to take measures against them is reduced. There is little risk of damage to the system.
The penetration test is carried out within the scenario determined in the "Penetration Test Kick-Off Meeting" previously held with the Customer. Penetration testing for IT assets is carried out on the basis of national and international methodologies and covers all of the topics below.
- Web Applications Penetration Tests
- Domain Penetration Tests
- Client Side Penetration Tests
- Database Penetration Tests
- Network Penetration Tests
- E-Mail - DNS Services Penetration Tests
- Wireless Network Penetration Tests
- Denial of Service (DDoS) Tests
- Social Engineering and Target Oriented (APT) Penetration Tests
- Firewall Bypass Tests
- URL, Content Filtering and Spam Gateway Products Elimination Tests
- Virtualization Systems Penetration Tests
- Penetration Tests for Cloud Systems