The second penetration test then follows in quarter 2. Usually a Wifi penetration test is opted for here.
Here an attempt is made to first get into your Wifi network to penetrate from there to more important data.
A Wifi Pentest provides detailed information about vulnerabilities created by inferior configuration of the Wifi networks. After all, who can access which Wifi network? And which devices can be accessed through Wifi networks? How secure are the passwords of these devices and Wifi networks?
Especially in large organizations it is important to keep an overview of how Wifi networks are set up and which devices are connected to them. They are often not just laptops: also smartphones and a lot of Internet of Things devices. All of these devices are potentially vulnerable. Even unconnected devices can be vulnerable. For example, is it possible to get to the printer via guest wifi? And what, in turn, can a hacker do with that?
The key question of the Wifi Pentest comes down to, “Can access to the network be gained and how is this access controlled?”
The duration of our pentest depends entirely on the intended purpose, the method chosen and the available budget. Usually we work with a timeboxed pentest (the pentest takes place within an agreed maximum duration. Within the allotted time, as many vulnerabilities as possible are identified) which we calculate at 6h. If desired, we can of course deviate from this at any time.
For our pentests, we always start with an intake meeting with our pentester. In addition to a general introduction, we discuss the scope of the test, the method of approach, the available budget and the timeframe of the test. Then the actual pentest takes place.
Demonstrating the impact of a vulnerability enables a client to estimate which vulnerabilities have the greatest impact on his or her organization and therefore deserve priority. When our expert discovers weaknesses at an external party, that party is notified so they can take action. This ultimately increases your security level as well.
After the execution, our expert prepares a report containing the findings, conclusions and recommendations. The report consists of a management letter containing the main conclusions and recommendations, as well as a more detailed technical section.
All reports of each individual pentest are stored encrypted in a so-called “cryptocontainer”, so they are safely protected from the outside world. In addition, we give a presentation at the quarterly meeting so that together we can look for the most secure solution for certain situations.