Sızma Testi MetodolojileriSızma Testleri Metodolojileri • OWASP • Web GüvenliğiTestleri • Mobil UygulamaGüvenliğiTestleri • IoTGüvenlikTestleri • OSSTMM • Open Source

www.prismacsi.com© All Rights Reserved.

1111

Sızma TestiMetodolojileri

Bu doküman, alıntı vererek kullanılabilir ya da paylaşılabilir ancak değiştirilemez ve ticari amaçla kullanılamaz. Detaylı bilgiye https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode.tr bağlantısından erişebilirsiniz.

www.prismacsi.com© All Rights Reserved.

2

www.prismacsi.com© All Rights Reserved.

2

www.prismacsi.com© All Rights Reserved.

2

www.prismacsi.com© All Rights Reserved.

2

• Ağ Sızma Testi• Web Uygulama Sızma Testi• Mobil Uygulama Sızma Testi• SCADA Sızma Testi• Red Team Sızma Testi• Sosyal Mühendislik Testi• Servis Dışı Bırakma Testi• APT Saldırı Simülasyonu• Mail Gateway Güvenlik Testi• Fiziksel Sızma Testi• Yük & Stress Testi• BDDK Uyumlu Sızma Testi

Sızma Testleri

www.prismacsi.com© All Rights Reserved.

3

www.prismacsi.com© All Rights Reserved.

3

www.prismacsi.com© All Rights Reserved.

3

www.prismacsi.com© All Rights Reserved.

3

Sızma Testleri Metodolojileri

• OWASP• Web Güvenliği Testleri• Mobil Uygulama Güvenliği Testleri• IoT Güvenlik Testleri

• OSSTMM• Open Source Security Testing Methodology Manual

• Pentest-Standard

www.prismacsi.com© All Rights Reserved.

4

www.prismacsi.com© All Rights Reserved.

4

www.prismacsi.com© All Rights Reserved.

4

www.prismacsi.com© All Rights Reserved.

4

Sızma Testleri Metodolojileri

• PTEST (Penetration Testing Execution Standard)• Pre-engagement Interactions• Intelligence Gathering• Threat Modeling• Vulnerability Analysis• Exploitation• Post Exploitation• Reporting

www.prismacsi.com© All Rights Reserved.

5

www.prismacsi.com© All Rights Reserved.

5

www.prismacsi.com© All Rights Reserved.

5

www.prismacsi.com© All Rights Reserved.

5

Sızma Testleri Metodolojileri

• OWASP – Web Application Penetration Testing

www.prismacsi.com© All Rights Reserved.

6

www.prismacsi.com© All Rights Reserved.

6

www.prismacsi.com© All Rights Reserved.

6

www.prismacsi.com© All Rights Reserved.

6

Sızma Testleri Metodolojileri

• OWASP Web Security TOP 10

www.prismacsi.com© All Rights Reserved.

7

www.prismacsi.com© All Rights Reserved.

7

www.prismacsi.com© All Rights Reserved.

7

www.prismacsi.com© All Rights Reserved.

7

Sızma Testleri Metodolojileri

• OWASP Mobile TOP 10• M1: Improper Platform Usage• M2: Insecure Data Storage• M3: Insecure Communication• M4: Insecure Authentication• M5: Insufficient Cryptography• M6: Insecure Authorization• M7: Client Code Quality• M8: Code Tampering• M9: Reverse Engineering• M10: Extraneous Functionality

www.prismacsi.com© All Rights Reserved.

8

www.prismacsi.com© All Rights Reserved.

8

www.prismacsi.com© All Rights Reserved.

8

www.prismacsi.com© All Rights Reserved.

8

Sızma Testleri Metodolojileri

• OSSTMM - http://www.isecom.org/mirror/OSSTMM.3.pdf

www.prismacsi.com© All Rights Reserved.

9

www.prismacsi.com© All Rights Reserved.

9

www.prismacsi.com© All Rights Reserved.

9

www.prismacsi.com© All Rights Reserved.

9

www.prismacsi.cominfo@prismacsi.com

0 850 303 85 35

/prismacsi

İletişim