Penetration testing (ethical hacking or pen-testing) is the practice of testing a computer system, network, or application to find and exploit vulnerabilities that an attacker might target in the field. The main objective of a penetration test is to determine security weaknesses in systems and to exploit these weaknesses to determine if a system is vulnerable to external attacks or threats.

EXTERNAL NETWORK RISK ASSESSMENT

SLI Compliance will perform a port scan of supplied IP addresses, followed by an attempt to exploit any vulnerabilities found. Exploits that are known to either cause a denial of service, be non-reversible, or leave the affected devices more vulnerable to an unauthorized attack than they were when SLI Compliance started, will not be attempted.

APPLICATION PENETRATION TESTING

SLI Compliance thoroughly examines all aspects of a modern election infrastructure application by combining a dynamic penetration test with the depth of source code analysis. The dynamic penetration analysis includes back-end APIs and mobile components, which allows SLI Compliance to become intimately familiar with the solution from the ground up. This familiarity allows understanding of where the application may be vulnerable to an attack. The code review analysis allows SLI Compliance to dive deeper into an application from a development stance. This approach results in the ability to test for a broader range of vulnerabilities and provide higher confidence results.

Application Penetration Testing helps to:

PHYSICAL PENETRATION TESTING

The central intention of a physical penetration test is to assess the depth of existing physical security controls and expose their flaws before an attacker can discover and exploit them. Testing helps to reveal real-world opportunities for malicious insiders or bad actors to be able to compromise physical security controls in such a way that allows for unauthorized physical access to sensitive areas of election technology.

EXTERNAL PENETRATION ASSESSMENT

During the External Penetration Assessment, SLI will validate the vulnerabilities found during the vulnerability scanning. Unlike the vulnerability scans, the penetration testing is mainly a manual process of evaluating the security of your election system / solution by simulating an attacker. This process involves an active analysis of your system for any weaknesses, flaws, or vulnerabilities. SLI Compliance will manually probe the target host for common misconfigurations or flaws because a vulnerability scanner can fail to identify certain vulnerabilities.