Security and Infrastructure Tests

What are the Penetration testing methods?

      Blackbox: The Information Security Expert is not given any prior information about the structure and / or system for which the test will be performed.. 

    Whitebox & Crystalbox: The Information Security Expert is informed about the entire structure and / or system within the company / organization.

      Graybox: It is a Penetration test method between 'Whitebox & Crystalbox' and 'Blackbox'. No detailed information is provided to the Information Security Specialist about the structure and / or systems.

Especially for the central registration servers being monitored by the ministries and the governors recently, and for the SOME teams, we are installing end-to-end solutions and integrate them into our existing systems.

(*) Through the 'Whitebox & Crystalbox' and 'Graybox' methods, it is intended to test the consequences of a probable attack, in case the attacker (standard user or authorized user) who already has access (physical or logical) to the company / organization network. From this point of view, there is nothing wrong with this method. The 'Blackbox' method is thought to 'attempt' to 'infiltrate' the system with aggressive eyes, but again, probably the attacker will have enough information about the target structure. For this reason, 'Whitebox & Crystalbox' and 'Graybox' are more effective, more efficient and result-oriented methods.


  1. Step: Data Collection:

In this step; No active scan is performed on the system, only information is collected. Application platform, application programming language, application version, internal / external connections, server platform, operating system, etc. is determined at this step.

  1. Step: Scanning and Classification:

In this step; based on the information gathered in step I, information is obtained by performing a 'scan' operation on the target system and /or a small impact-response to the system.

  1. Step: Obtaining Access:

In this step; based on the information obtained in step II, it is attempted to access the target system through the vulnerabilities detected.

  1. Step: Manage Access:

In this step, over the gained authentication on step III, access rights are managed. For example, to permanently grant access rights on the system and / or to create an authorized user on the system.

  1. Step: Track Hiding (APT-Advanced Persistent Threat):

In this step; any residual information left on the target system in the first four steps about the attack is cleared or obsoleted (such as log recordings).

Oracle and Ms Sql Database Security Health Scan

By checking the integrity of the Oracle database against the universal database design, it is possible to identify security problems:

      Detection of Remote Security Access Rules

      Safety Patch Control

      Security Analysis of Database Services

      Security Internal Parameters Analysis

      Database Audit Analysis

      Database Network Security Analysis

      Database User and Authorization Analysis

      User Profiles Analysis

      DB Link Security Analysis

      Database Object and Role Analysis

      Object Analysis given to Database Admin Rights

In the analysis work done; wrong, incomplete or inadequate usage problems will be detected and an analysis report will be prepared which includes suggestions for solution of these problems.

Why INFOTELICA Penetration Tests

      Our Pentest team has CEH, CISSP, LPT, OSCP and OCP certificates with international validity.

      Practice tests are carried out by senior members who have at least 10 years of experience.

      Our difference is that we are doing penetration tests on the mssql and oracle databases and we are closing the vulnerabilities found.