STAY RESILIENT WITH CYBER0

A penetration test (also known as a pen test) is a simulated cyber attack against your computer system to check for exploitable vulnerabilities. In the context of web application security, penetration testing is commonly used to augment a web application firewall (WAF).

The best time to conduct a pen test is right before your system is put into production and once it is no longer in a state of constant change. If a pen test is undertaken too early, your systems or networks can still have changes constantly occurring and as a result, possible security holes might be overlooked.

Vulnerability scanning is an automated method for testing common network and server vulnerabilities and reporting potential exposures. It's more cost-effective than penetration testing. A penetration test, on the other hand, is used as a preventive control. It helps to exploit weaknesses in the architecture of your IT network and determine the degree to which a malicious attacker can gain unauthorized access to your assets.

Here's a good analogy: a vulnerability scan is like walking up to a door, checking to see if it is unlocked, and stopping there. A penetration test goes a bit further; it not only checks to see if the door is unlocked, but it also opens the door and walks right in.

The frequency of penetration testing largely depends on the size of your environment, how often you make changes to it, and whether you're subject to compliance standards. We recommend performing penetration testing at least once a year.

However, compliance, installation of new networking infrastructure, changes in cyber policies and tolerance to cyber risk all play a role in how often penetration tests need to be performed.

Penetration testing consists of the following stages:
1. Planning and reconnaissance
On this stage we gather intelligence (e.g., network and domain names, mail server) to understand how a target works and its potential vulnerabilities. Also we define the scope and goals of a test and the testing methods to be used.

2. Scanning
The next step is to understand how the target application will respond to various intrusion attempts.

3. Gaining Access
This is when we perform cyber attacks, such as cross-site scripting, SQL injection and backdoors, to uncover a target's vulnerabilities.

4. Maintaining access
The goal of this stage is to see if the vulnerability can be used to achieve a persistent presence in the exploited system— long enough for a bad actor to gain in-depth access.

5. Reporting results
At last, our security personnel analyze this information and we put our findings into a report that helps security professionals improve the security defenses in the application to protect from future attacks.

Computer Forensics (also known as Digital Forensics) it is a special process that involves the identification, collection, preservation and analysis of Electronically Stored Information (ESI) in order to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.

Electronically Stored Information (e.g. email messages, digital images, network log files, etc.) can be found on computer hard drives, servers and other digital storage media (e.g. computers, thumb drives, DVD, CD-ROM, mobile phones). It includes any device that has a digital "brain" to store information.

There are various types of computer forensic examinations. Each deals with a specific aspect of information technology. The main types include the following:

Database forensics. The examination of information contained in databases, both data and related metadata;

Email forensics. The recovery and analysis of emails and other information contained in email platforms, such as schedules and contacts;

Malware forensics. Sifting through code to identify possible malicious programs and analyzing their payload. Such programs may include Trojan horses, ransomware or various viruses;

Memory forensics. Collecting information stored in a computer's random access memory (RAM) and cache;

Mobile forensics. The examination of mobile devices to retrieve and analyze the information they contain, including contacts, incoming and outgoing text messages, pictures and video files;

Network forensics. Looking for evidence by monitoring network traffic, using tools such as a firewall or intrusion detection system.

Forensic investigators typically follow standard procedures, which depending on the context of the forensic investigation, the device being investigated or the information investigators are looking for. In general, these procedures include the following three steps:

1) Data collection. Electronically stored information must be collected in a way that maintains its integrity. This often involves physically isolating the device under investigation to ensure it cannot be accidentally contaminated or tampered with. Examiners make a digital copy, also called a forensic image, of the device's storage media, and then they lock the original device in a safe or other secure facility to maintain its pristine condition. The investigation is conducted on the digital copy. In other cases, publicly available information may be used for forensic purposes, such as Facebook posts or public Venmo charges for purchasing illegal products or services displayed on the Vicemo website.

2) Analysis. Investigators analyze digital copies of storage media in a sterile environment to gather the information for a case. Various tools are used to assist in this process, including Basis Technology's Autopsy for hard drive investigations and the Wireshark network protocol analyzer. A mouse jiggler is useful when examining a computer to keep it from falling asleep and losing volatile memory data that is lost when the computer goes to sleep or loses power.

3) Presentation. The forensic investigators present their findings in a legal proceeding, where a judge or jury uses them to help determine the result of a lawsuit. In a data recovery situation, forensic investigators present what they were able to recover from a compromised system.

To create requirements for the information protection, countries introduce legislation and regulations in the field of information security at the government and individual authorities level. Such requirements can be conditionally divided into state (required to carry out by all legal entities and/or individuals) and sectoral (regulating the work of individual branches of the economy). In this regard, the Republic of Angola is no exception.

Here the requirements for observing the citizens personal data security are formed and required - Data Protection Law (Law no. 22/11 of 17 June 2011), as well as the BNA (Banco Nacional de Angola) requirements for credit and financial organizations ("representatives of the banking sector") AVISO N.º 082020.

In addition to local laws and regulations, in the case of processing EU members personal data, companies must comply with the GDPR requirements (General Data Protection Regulation). Also, financial institutions when processing payment card data related to the Payment Card Industry Security Standards Council must comply with the PCI DSS standard. The same situation is with the SWIFT payment system, whose members have their own regulatory and technical requirements.

In terms of compliance with the requirements for companies, it is very important to determine the applicable requirements, as well as the shortest ways to implement them. Moreover, some of the requirements of the various applicable legislations overlap, that, if properly analyzed, companies can use to reduce implementation costs.