Type of Tests

Security best practice suggests that organisations should undertake vulnerability assessments and penetration tests so as to identify weaknesses and exposures in an infrastructure before an attacker is able to take advantage of them. As a consequence, Nettitude provides two broad approaches to testing an environment.

• Completely Blind test, where no information is provided to Nettitude about hosts or services (often referred to as a Blackhat testing approach)
• Informed test, where Nettitude is given credentials on a host or in a service. This is designed to see what an authenticated user could see (often referred to as a Whitehat testing approach)

Nettitude also provide a blended approach to testing, where consultants start of assessing an infrastructure based on Blackhat techniques but then move on to assessing the environment with a set of credentials. The 2 tests are undertaken as discrete exercises, but provide customers with a more holistic assessment of their overall security posture.

• Vuln: KSP '.m3u' File Buffer Overflow Vulnerability
• Vuln: Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
• Vuln: Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability