Penetration Testing

Identify your exploitable weaknesses before your adversary finds them.

Attacker-Ready Penetration Tests

Our penetration tests go well beyond a vulnerability scan. With a highly manual testing process, we find vulnerabilities that other penetration test providers miss such as web application vulnerabilities, business logic flaws, and sensitive data disclosure.

We don't stop at report delivery. We give you 30 days to fix vulnerabilities identified and will re-test the findings to validate that remediation was successful and no residual risk remains. Remediation validation is a standard component of our penetration tests.


Audit-Ready Penetration Tests

We understand compliance. Whether you are needing to be compliant with PCI DSS, HIPAA, DFARS, NIST, or another standard, our security consultants will ensure your penetration test will stand up to an audit.

Avoid the common pitfalls with scoping and testing perspective coverage that can lead to failing an audit. Get it done right the first time and work with a company who understands compliance.


Attack Vectors


External Network

Identify your exploitable weaknesses accessible to an Internet-based attacker

Key Questions Answered

Can an Internet-based attacker:
- Gain unauthorized access to corporate data?
- Utilize our infrastructure to exploit our clients and partners?

Internal Network

Identify your exploitable weaknesses accessible to attackers inside your perimeter

Key Questions Answered

Can an internal attacker:
- Exploit weaknesses of servers, workstations, and other devices?
- Gain access to our most critical assets?

Phishing

Test your security awareness posture with credential theft or malware execution spear phishing attacks

Key Questions Answered

- What percentage of employees will fall victim?
- Will employees follow incident escalation procedures?
- How to we stack up to similar organizations?

Web Applications

Identify exploitable weaknesses in your web applications

Key Questions Answered

- Are my web apps vulnerable to the OWASP Top 10 and other web vulnerabilities?
- Can a standard user gain administrator access?
- Can User A exploit User B?
- Are web-based APIs (e.g. REST, SOAP) exploitable?

Wireless Network

Wireless network and wireless-connected device exploitation

Key Questions Answered

- Can the guest network be leveraged to gain access to corporate systems and data?
- Can wireless security be bypassed?
- Are wireless clients vulnerable to rogue AP attacks?

Mobile Apps

Identify exploitable weaknesses in your mobile apps and back-end API

Key Questions Answered

Can a malicious app user:
- Escalate privilege to gain unauthorized access?
- Access the data of another user?
- Exploit back-end APIs (e.g. REST, SOAP)?

 

Targeted Attack Simulation

Deploy a combination of real-world attacks

Key Questions Answered

- Real-world simulation of a targeted attack using multiple attack vectors
- Access gained from one attack vector used to exploit another

 

Benefits

Identify security blind spots

Simulate the attacker’s perspective

Protect sensitive customer and business data

Prioritize your security efforts

Meet compliance obligations

Prevent breaches


Deliverables

Concise reporting with clear remediation instructions

Executive summary that non-technical audiences love

Post-reporting remediation validation to ensure weaknesses have been fixed

Risk ratings for each penetration test component and for individual findings

Executive presentation