Upload
others
View
9
Download
0
Embed Size (px)
Citation preview
www.prismacsi.com© All Rights Reserved.
1111
Sızma TestiMetodolojileri
Bu doküman, alıntı vererek kullanılabilir ya da paylaşılabilir ancak değiştirilemez ve ticari amaçla kullanılamaz. Detaylı bilgiye https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.tr bağlantısından erişebilirsiniz.
www.prismacsi.com© All Rights Reserved.
2
www.prismacsi.com© All Rights Reserved.
2
www.prismacsi.com© All Rights Reserved.
2
www.prismacsi.com© All Rights Reserved.
2
• Ağ Sızma Testi• Web Uygulama Sızma Testi• Mobil Uygulama Sızma Testi• SCADA Sızma Testi• Red Team Sızma Testi• Sosyal Mühendislik Testi• Servis Dışı Bırakma Testi• APT Saldırı Simülasyonu• Mail Gateway Güvenlik Testi• Fiziksel Sızma Testi• Yük & Stress Testi• BDDK Uyumlu Sızma Testi
Sızma Testleri
www.prismacsi.com© All Rights Reserved.
3
www.prismacsi.com© All Rights Reserved.
3
www.prismacsi.com© All Rights Reserved.
3
www.prismacsi.com© All Rights Reserved.
3
Sızma Testleri Metodolojileri
• OWASP• Web Güvenliği Testleri• Mobil Uygulama Güvenliği Testleri• IoT Güvenlik Testleri
• OSSTMM• Open Source Security Testing Methodology Manual
• Pentest-Standard
www.prismacsi.com© All Rights Reserved.
4
www.prismacsi.com© All Rights Reserved.
4
www.prismacsi.com© All Rights Reserved.
4
www.prismacsi.com© All Rights Reserved.
4
Sızma Testleri Metodolojileri
• PTEST (Penetration Testing Execution Standard)• Pre-engagement Interactions• Intelligence Gathering• Threat Modeling• Vulnerability Analysis• Exploitation• Post Exploitation• Reporting
www.prismacsi.com© All Rights Reserved.
5
www.prismacsi.com© All Rights Reserved.
5
www.prismacsi.com© All Rights Reserved.
5
www.prismacsi.com© All Rights Reserved.
5
Sızma Testleri Metodolojileri
• OWASP – Web Application Penetration Testing
www.prismacsi.com© All Rights Reserved.
6
www.prismacsi.com© All Rights Reserved.
6
www.prismacsi.com© All Rights Reserved.
6
www.prismacsi.com© All Rights Reserved.
6
Sızma Testleri Metodolojileri
• OWASP Web Security TOP 10
www.prismacsi.com© All Rights Reserved.
7
www.prismacsi.com© All Rights Reserved.
7
www.prismacsi.com© All Rights Reserved.
7
www.prismacsi.com© All Rights Reserved.
7
Sızma Testleri Metodolojileri
• OWASP Mobile TOP 10• M1: Improper Platform Usage• M2: Insecure Data Storage• M3: Insecure Communication• M4: Insecure Authentication• M5: Insufficient Cryptography• M6: Insecure Authorization• M7: Client Code Quality• M8: Code Tampering• M9: Reverse Engineering• M10: Extraneous Functionality
www.prismacsi.com© All Rights Reserved.
8
www.prismacsi.com© All Rights Reserved.
8
www.prismacsi.com© All Rights Reserved.
8
www.prismacsi.com© All Rights Reserved.
8
Sızma Testleri Metodolojileri
• OSSTMM - http://www.isecom.org/mirror/OSSTMM.3.pdf
www.prismacsi.com© All Rights Reserved.
9
www.prismacsi.com© All Rights Reserved.
9
www.prismacsi.com© All Rights Reserved.
9
www.prismacsi.com© All Rights Reserved.
9
0 850 303 85 35
/prismacsi
İletişim