DDoS Testing by ScienceSoft
DDoS (distributed denial-of-service) testing checks whether a company’s IT infrastructure and applications can withstand numerous malicious requests from distributed sources undermining their availability and required performance.
In information security services since 2003, ScienceSoft helps our customers ensure their IT infrastructures and critical apps are resilient to diverse DDoS attacks.
WHEN TO OPT FOR DDOS TESTING?
IT infrastructure or applications have never been DDoS tested before
Checking the availability and performance of your IT infrastructure and apps under an imitated true-to-life DDoS attack.
Searching for setup and configuration defects in your DDoS protection solutions, if they are in place, and fixing them.
Before and after implementing a DDoS protection solution
Finding vulnerabilities in your IT infrastructure and apps so that you can make an informed choice of a DDoS mitigation solution and fine-tune it.
Validating the effectiveness of implemented DDoS mitigation measures to ensure their correct configuration and the actual level of provided DDoS protection.
Before a critical app or infrastructure component is launched
- Checking the DDoS resistance of the application that is to go live or a newly introduced infrastructure component (e.g., servers, networks, etc.) and their integrations.
Note: ScienceSoft recommends performing DDoS testing regularly (monthly, quarterly, or at least annually), if:
OUR DDOS TESTING SCOPE
ScienceSoft’s DDoS testing professionals develop custom DDoS attack scenarios and validate resilience to the following types of DDoS attacks:
Layer 3 and 4 attacks (Protocol layer attacks)
Such attacks target the transport and network layers of your infrastructure to consume the resources of the targeted server or communication equipment (e.g., firewalls, load balancers).
Vectors: SYN floods, fragmented packet attacks, Ping of Death, Smurf attack, etc.
Layer 7 attacks (Application layer attacks)
These attacks exploit applications by imitating legitimate user behavior to crash the web server.
Vectors: low-and-slow attacks, GET/POST floods, WordPress HTTP/s floods, Slowloris attacks.
These attacks typically target Layer 3 and 4, but are considered a separate type because of the high volume of malicious traffic involved.
Vectors: UDP floods, ICMP floods, IP/ICMP fragmentation, IPSec flood, reflection amplification attacks, etc.
Multi-vector and multi-layer attacks
Hybrid attacks aim at some or all of the mentioned infrastructure layers and combine a number of attack vectors (can include 15+ vectors) to increase the chances of bypassing the company’s DDoS protection.
Our DDoS testing experts can target:
Entire IT infrastructure
Enterprise software ecosystem
OUR DDOS TESTING DELIVERABLES
ScienceSoft’s security engineers provide:
A DDoS test plan, including the list of the DDoS testing targets, applicable testing tools, types of attacks to be performed and their characteristics (e.g., type and volume of the simulated load, the number of simulated IPs and their geographies).
A DDoS testing summary report with the metrics of the testing targets’ performance measured during the implemented attacks and the general assessment of their DDoS resistance.
List of detected DDoS vulnerabilities prioritized based on their severity and potential business impact.
Recommendations on how to eliminate the revealed vulnerabilities.
Check IT Infrastructure & Apps under DDoS Attacks!
ScienceSoft’s security engineers emulate diverse DDoS attacks to check the resistance and actual performance of chosen testing targets and provide practical advice on enhancing your DDoS protection.
WHY IS SCIENCESOFT AN EXPERT IN DDOS TESTING?
- 18 years in information security services and 6 years in security testing.
- 150+ cybersecurity projects for companies belonging to 30+ industries, including healthcare, banking and financial services, governmental services, telecom, retail, wholesale, etc.
- Certified Ethical Hackers on board.
- An IBM Business Partner in Security Operations & Response since 2003.
- Customers’ data security ensured by ISO 27001 certification.
We were under time pressure to get penetration testing performed as quickly as possible. When I reached out to ScienceSoft, they were immediately responsive to my inquiry, provided a very competitive quote quickly, and were able to schedule the testing shortly after our acceptance of the quote. ScienceSoft’s security testing team performed exceptionally well and gave us confidence that our application posed no serious vulnerabilities.
VP Products, 5 Dynamics
ScienceSoft's team provided the full package of penetration testing services for our web application. Thanks to ScienceSoft's high-quality services, we were able to locate and neutralize vulnerabilities and ensure the security of our customers' personal data, as well as protect our services from potential attacks.
I recommend ScienceSoft’s security testing services fully. They were very quick to reply to all our questions, they scheduled the test in just a few days... The testing itself was very well done, the results were clear and after one iteration of fixes, we passed the re-test.
ScienceSoft team successfully performed security and penetration testing for SNAD organization's public facing portals back in December, 2018 and gave us the confidence that the portal is ready to be launched with no serious vulnerabilities.
Technical Project Manager, SNAD
OUR PROPRIETARY DDOS TESTING PROCESS
ScienceSoft’s security engineers analyze your IT infrastructure, outline its vulnerable points, and simulate DoS attacks from a single IP address.
DoS testing can be performed:
- ‘White-box’ – when cybersecurity engineers have the information presumably unknown to a real-life attacker (e.g., implemented cybersecurity measures, IT infrastructure configuration, tech stack, credentials). It typically enables test engineers to explore as many DoS vulnerabilities as possible.
- ‘Black-box’ – when security test engineers have only publicly available information. It helps simulate close-to-reality DoS testing conditions.
If the testing target survives DoS testing, the security engineers proceed with the next step.
ScienceSoft’s security experts carefully evaluate the testing target’s resistance to a simulated attack to minimize the possible negative impact on the target and the customer’s business continuity.
Security engineers perform DDoS testing only if the target is considered resilient enough.
ScienceSoft security engineers opt for ‘white-box’ DDoS testing. This way, they can tailor the DDoS testing scope, scale, and vectors to safeguard the testing targets from an undesirable impact.
OUR DDOS TESTING TOOLKIT
DDoS testing tools
- Cisco TRex
Network scanning tools
BENEFITS OF DDOS TESTING WITH SCIENCESOFT
Real-life DDoS attack simulations
ScienceSoft’s Certified Ethical Hackers develop custom hybrid DDoS testing scenarios for our customers to get the most true-to-life view of their IT infrastructure and applications’ behavior under a potential attack and check the effectiveness of their cybersecurity measures.
DDoS testing with end-users in focus
ScienceSoft’s professionals perform DDoS testing at the safest time for a customer (at night, during weekends, etc.). This way, the users of the tested IT infrastructure components and applications experience minimal to no downtime.
Minimized impact on a DDoS testing target
Our security engineers keep continuous contact with our customers’ IT infrastructure and application administrators to stop DDoS testing if unexpected issues arise.
Note: if the testing target’s outages and downtimes are totally unacceptable, ScienceSoft recommends ensuring the recovery servers are in place and setting up an application staging environment (for Layer 7 DDoS testing). If required, our DevOps engineers can promptly assist with the development of the apps’ staging environment.
Ensured business data security
ScienceSoft is a full-fledged provider of cybersecurity services. Our security engineers rely on an ISO 27001 certified information security management system and 24/7 in-house security monitoring to guarantee our customers’ data security.
OUR HALLMARK CYBERSECURITY PROJECTS
DDoS and Pentesting of Web Applications for a Multinational Retail Chain
Multi-stage penetration and DDoS testing, including the validation of the apps’ resistance to:
- DoS and DDoS attacks.
- Cross-site scripting (XSS).
- SQL injections.
DoS Testing and Pentesting of the Network and Web Applications for a Mobile Operator
Security testing for a GSM operator with 5m+ subscribers, including the check for:
- Getting control over the network and database.
- Resilience to multi-vector DDoS attacks.
- SQL injection, spoofing, cross-site scripting, etc.
IT Infrastructure Security Assessment of an Asian Retail Bank
Cybersecurity validation for a bank with 2.5m+ clients:
- Pentesting of 60 external IP addresses and the Customer’s network.
- Vulnerability assessment of multiple digital channels.
- Simulation of social engineering attacks.
IT Infrastructure Pentesting for a North American Payment Services and Products Company
Pentesting of web servers and apps, including the validation of their resilience to:
- Cross-site scripting (XSS).
- Man-in-the-middle exploits.
- Null byte injections, etc.
FIND YOUR DDOS TESTING SERVICE OPTION
One-time DDoS testing
ScienceSoft’s cybersecurity engineers:
- Analyze your industry, business, and IT infrastructure specifics, and plan a fitting set of DDoS testing activities accordingly.
- Develop custom DoS and DDoS testing scenarios.
- Select and configure the relevant testing tools.
- Perform DDoS assessment of the chosen testing targets.
- Carry out a single round of agreed DDoS testing activities.
- Provide a detailed DDoS test plan and report, and a set of recommendations on how to enhance your DDoS defense.
Recurrent DDoS testing
ScienceSoft’s cybersecurity engineers start with one-time DDoS testing and proceed with the following services after any significant change to your IT infrastructure (e.g., launching or removing infrastructure components, etc.) or critical applications (e.g., cloud migration, re-architecting, introducing third-party integrations, etc.):
- Analyze the changes in your infrastructure or applications to oversee the potential DDoS vulnerabilities and testing needs.
- Re-consider existing DDoS testing scenarios in connection with the introduced changes and develop new ones to optimize DDoS testing coverage.
- Perform DDoS testing focusing on both the vulnerabilities potentially arising from the infrastructure or apps’ changes and the ones detected during the previous DDoS testing.
GO FOR DDOS TESTING TO OUTPACE A REAL DDOS ATTACK
Entrust your DDoS testing to ScienceSoft, to get:
for the in-depth analysis of your business and IT infrastructure specifics, DDoS testing needs
testing targets’ availability due to professional analysis of the target’s readiness prior to DDoS testing and continuous control over its availability during the testing
DDoS testing costs due to the use of proven open-source DDoS testing tools and optimal DDoS testing coverage
DDoS testing time due to the selection of the most informative and true-to-life DDoS testing scenarios and self-management of our cybersecurity experts.