No, OmniCyber Security uses the reconnaissance and exploitation process described above to give post exploitation feedback.
Yes, OmniCyber Security uses Nikto, an open source web server scanner that runs in-depth tests against web servers and web applications. Our CREST Certified hackers also use the most common web application testing tools, which are part of the Burp Suite of scanning and security testing tool portfolio. Kali Linux is another advanced penetration testing tool that we use to make network security assessments through ethical hacking practices.
Internal testing works on the premise where the tester has insider access, such as that of an employee of the company. This scenario simulates what might happen if an employee takes malicious action against the company or what might happen if a hacker has acquired employee credentials through a phishing attack.
External web application penetration testing is conducted from the outside, through web apps that are visible on the internet.
Blind testing is conducted with only the knowledge of the company name and web application. This form of cyber-security testing replicates exactly how a real cyber attack takes place.
Double-blind testing takes place without the security and IT personnel of the company having prior knowledge of the simulated cyber attack.
Targeted testing is often used as a training exercise for the security personnel of the company. The tester and security personnel keep each other informed of the steps being taken so that the security personnel can understand in real-time the actions taken by the ethical hacker.
Mobile web application testing focuses on identifying the security vulnerabilities of mobile apps.