Physical pentest

 

The auditor tests the physical security of the building:

    • Does every access point have the same level of security?
    • Could certain employees let an attacker into the buildings?
    • Can the attacker access the internal network without being spotted?

      This particular type of pentest is followed in most cases by an internal audit to demonstrate the final impact of unauthorized access to the Information System.

      A preliminary reconnaissance phase is needed before the intrusion in order to build a plausible scenario: identifying access points using satellite imagery and searching for information on employees and service providers.

      When should you choose a physical intrusion test?

      This type of penetration test simulates the following threats:

      • Industrial spying.
      • Hacking for financial purposes (blackmail, ransom, etc.).

      It tests the physical security measures in place as well as the level of employee awareness.

      Mission organization

      A kickoff meeting identifies the needs and scope of the mission, as well as any constraints.

      A legal mandate between the different parties is issued in order to authorize the intrusion by DSecBypass.

      The consultant in charge of the mission can be reached at any time during its execution and informs the customer in the event of a critical discovery.


      Penetration test results

      The deliverables of the mission include a report as well as two optional debriefings.

      The report includes a summary of the results as well as the details of the identified vulnerabilities and recommendations.

      The technical debriefing is an opportunity for the consultant to present the approach and results interactively, and to discuss the action plan with the client and the client's teams. The managerial debriefing addresses an executive audience.