Penetration test

Penetration test has become a significant part of effective information security plans.

Do you know that there is many threat sources that could affect you

Ever wondered whether your network is secure against hackers ? Well we can tell you that for sure, from our certified penetration testers.

Threat Sources could be Insiders like Disgruntled or Fired Employees or Outside Attackers like Hackers and Competitors.

What is Penetration Testing

Simply Penetration test is a simulation of a hacking attempt to assess the computer systems security strength.
Penetration Test is a method of evaluating the security of a computer system or network , the process involves an active analysis of the system for any potential vulnerabilities by simulating an attack from a malicious source.

Test phases are Reconnaissance , Enumeration , Exploitation and Documentation.

Why performing a “penetration test ”

Understand the vulnerabilities of your current network environment and carry out remedies based on a remediation plan or security measures in protecting against security threats;

Identify potential threats and provide technical recommendations based on a security-remediation plan .


Allow organization to justify investments in network and information security;

Minimize potentials of security breaches and avoid loss of information assets, company goodwill and money.

What can be tested in the penetration test

• Servers and Workstations

1. Web Server (IIS , Apache , Nginx , Lighttpd , Litespeed)
2. Database Server ( Oracle , MSSQL , MySQL  , cassandra )
3. Domain Controller ( Active Directory )
4. Workstations

• Infrastructure

1. Network Devices ( Routers , Switches , Firewalls , IPS )
2. Wireless Networks (Wi-Fi , Wi-Max )
3. VPNs

• Applications ( Web Applications , Desktop Applications )

• Employees (Social Engineering)

Fixed Solutions Provides Several ways for the penetration testing:

No -Knowledge (Known as : Black Box): This test assumes no prior knowledge of the infrastructure to be tested

Partial Knowledge Test (Known as :Gray Box ): This test assumes partial knowledge of the infrastructure to be tested

Full Knowledge Test (Known as: White Box): This test provides the testers with complete knowledge of the infrastructure to be tested, often including network diagrams, source code, and IP addressing information.

Security Consulting – Ever wondered whether your network is secure against hackers? Well we can tell you that for sure, from our knowledge from the underground hacking world, we can put ourselves in there shoes and test your network the way the hackers do.

Our Information Security Standards

OSSTMM “Open SourceSecurity Testing Methodology Manual”

– Very practical approach

– Checklists of what and in which order to test

ISO 17799 / BS 7799 Standard for Information Security

– Focuses more on the policy and paper work side of security

– Extensive catalog of security controls

– Defines a standard for audits

NSA / NIST Guidelines for Network Security Testing

PCI DSS Payment Card Industry Data Security Standards

Fixed Solutions penetration testing engineers are  experienced with conducting tests which address the PCI DSS quarterly vulnerability scan and annual penetration test requirements.