PENETRATION TESTING
Testing the Security Controls of your Corporate Infrastructure
What Is Penetration Testing

What Is Penetration Testing
Our Methods
Knowledge
Insight
Awareness of Exploitation
Penetration testing confirms the system is exploitable. It does not confirm the system is not exploitable because it is about the tester’s ability and not necessarily the security controls deployed by the organization.
Working Plan
Awareness of Vulnerability
Meet Regulatory Compliance Requirements
How Service is Conducted
Penetration Testers should document everything they do especially on successful exploits where they will continue down the testing process.
Deliverables
- Scope of the Test (Goals, Objectives, limitations, restrictions)
- Type of Test (Black, White, Grey Hat)
- Boundaries of the Test (Net Ranges, Domains, Hosts, Applications, etc.)- Attack Surface
- Roles and Responsibilities (POCs, Support for device crash/locked)
- Schedule for testing (Dates and Times or unknown)
- Pen Tester – Reconnaissance (what to use before system touch)
System search for vulnerabilities - Creating exploits and payloads for stealth and improved probabilities
Exploit weaknesses for first access – repeat with new options or move on to next vulnerability if unsuccessful - Exploit systems for second level access (privileged access)
- Create backdoors or simpler access methods to return to the device
- Delete events and logs and other traces of original attack and suppress (hide) information about current access methods
Why Choose us?
Tests for:
Healthcare practices
Entertainment organizations
Government Contractors
Government Agencies
System Experience:
Security Architecture – Freddie Mac, NGMS, GD C4S, NCI, IBM Global Services
Security Products – Fortinet, Rapid7, Dell SonicWall, Shiva/Intel VPN, Tenable, SAINT, Qualys
Open Sourced – Kali, OWASP, Metasploit, Kismet, etc.
Wireless – Bluesocket, Fortress
Penetration Testing is a full spectrum, black to white box testing of your environment. You systems include the wired and wireless networks, applications, devices, and even personnel. The result is to find vulnerabilities an attacker could exploit and see how your security controls respond.