WHAT IS A PENETRATION TEST?
Otherwise known as “ethical hacking” or “white hat attacks”, penetration testing identifies any area of risk that could impact the confidentiality, integrity, and availability of your sensitive information—before it gets attacked for real. We can then proactively address those vulnerabilities, so you can protect your business from potential problems.
In many cases, a pen test is part of compliance with PCI, HIPAA, and other regulatory frameworks. In addition to probing general network and server vulnerabilities, we can access specific IT targets, flags, such as firewalls, wireless networks, and web applications, or areas and assets containing sensitive data.
HOW DO WE DO IT?
Our industry-leading penetration tests are standards-based and incredibly comprehensive. In fact, our partners wrote the manual on it.
We factor in the fundamentals from the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), and the Open Web Application Security Project (OWASP) Penetration Testing Guide.
From there, we provide a custom remediation plan and can even help you execute it. Because why plan if you’re not going to execute?
TAILORED TO YOUR BUSINESS
Everything we do is specifically tailored to your organization’s security and compliance needs.
Our penetration tests can include multiple locations and perspectives or be limited to just one perspective and a single location. They can also include social engineering exercises, web applications assessments, and a review of your key firewall rules base and configuration.
- Passive Reconnaissance (Domain Squatting, Email and File Enumeration, etc.)
- Vulnerability Assessment
- Penetration Testing
- Web Applications Assessment
- Mobile Application Assessment
- Social Engineering (Phishing, Baiting, Pretexting)
- Physical Security Review
- Firewall and Router Configuration Review
- Wireless Security Assessment
- Incident Response Threat Identification Training
REPORTS WORTH READING
Every test is accompanied by a formal report designed to not only provide a high level overview of the engagement for upper management and C-Level staff, but also include the detailed findings with key recommendations that can help those with remediation responsibilities.
- Formal Report (Our Flagship Report)
- Snapshot Report
- Vulnerabilities by Severity Report
- Vulnerabilities by Host Report
- Ports and Protocols Report
- Custom reports available on a case-by-case need or special request