Network/System PenTest

Available Service

• Search all opening ports and ensure it is operation required.

• Ensure all endpoints implemented authentication and authorization control

• Identify the opening ports service applied latest version & patches

• Outdated components or known vulnerability (CVE) found in the identified service

Certification Setting

• Disable the use of SSL 3.0, TLS 1.0 and TLS 1.1. Instead, leverage a newer version of TLS such as TLS v1.2 and v1.3.

• Correctness of the certification information and signed party

• SSL Certificate strength, at least > 2048 bits

• Not use the weak ciphers

Sensitive Data Exposure

• Any shared files or services that contain sensitive data

• Correctness of the certification information