Penetration Testing

Penetration Testing (aka Ethical Hacking) is a substantive test of the net security posture resulting from the cumulative security controls applied. It is typically leveraged to assess the net security posture (trustworthiness) of key elements of your security environment (e.g., networks, applications, people). Penetration Testing is most frequently performed to:

  • Substantiate the net effectiveness of a mature control environment
  • Prove to a third party that an environment is secure/trustworthy
  • Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
  • Validate that significant changes did not have unanticipated results

Of all assessment activities, penetration testing is the most widely misunderstood and misused. We highly recommend that you take the time to understand the vulnerability assessment & penetration testing process, and the assurance it does and does not provide, before moving forward with testing.

  • Network

    Network Vulnerability Assessments: Integral to a systematic and proactive approach to network security that reduces the risk associated with attacks aimed at system and network vulnerabilities and demonstrates compliance with relevant standards, laws & regulations.

    Network Penetration Tests: A hands-on analysis of network/systems security, performed by an experienced analyst, usually using a combination of open-source and commercial utilities, with the objective being to determine the probability that vulnerabilities can be exploited, and if so the associated business impact.

    Third-Party Monitoring Effectiveness Testing: Uses evasive techniques with gradually escalating attack aggressiveness to test the incident detection and response capacity of third-party monitoring. The test would be conducted prior to standard external VA/PT testing.

  • Application

    Application Vulnerability Assessments: Integral to a systematic and proactive approach to web security that reduces the risk associated with application-level attacks (e.g., Cross-Site Scripting, SQL Injection) and ensures compliance with relevant standards, laws & regulations.

    Application Penetration Tests: An application analysis performed by an experienced analyst, usually combining open-source and commercial utilities for task-specific functions with hands-on analysis, in an attempt to exploit application-level vulnerabilities through to business impact.

  • Database

    Database Vulnerability Assessments: Integral to a systematic and proactive approach to database security that reduces the risk associated with both web and database-specific attacks and supports compliance with relevant standards, laws & regulations.

    Database Penetration Tests: Hands-on analysis of database security, performed by an experienced analyst, usually using a combination of open-source and commercial utilities, with the objective being to determine the probability that vulnerabilities can be exploited, and if so the associated business impact.

  • WLAN Security Testing

    WLAN Configuration Audit: Validates that your WLAN is designed and configured in accordance with good practices.

    WLAN Survey: Confirms that your WLAN is restricted to authorized individuals, that it does not extend beyond intended boundaries, that no Rogue Access Points have been deployed, and that other organizations’ WLANs are not extending into your workspace and putting you at risk.

  • Physical

    Physical Penetration Tests: Provide assurance that Physical Security Controls are operating as intended. Commonly performed in concert with scenario-based Social Engineering.

  • Social Engineering

    Social Engineering: A distinct and far less technical form of penetration testing that emulates the activities of a malicious user and the variety of techniques used to gain information that further aids or eases the progress of their attack.

  • Deep Web Reconnaissance

    Deep Web Reconnaissance (DWR): Intended to help your company understand its current risk profile as it relates to the management of technical information on the internet.
