Penetration Testing

You are here:

Home
Penetration Testing

TYPES OF PENETRATION TESTS WE OFFER

External Penetration Test

An external penetration test emulates an attacker trying to break into your network from the outside. The goal of the engineer performing this assessment is to breach the perimeter and prove they have internal network access. This test includes:

Open source reconnaissance against the organization
Full port scan covering all TCP ports and the top 1,000 UDP ports of the targets in scope
Full vulnerability scan of the targets
Manual and automated exploit attempts
Password attacks

Internal Penetration Test

An internal penetration test emulates an attacker on the inside of your network. This could be either an attacker who is successful in breaching the perimeter through another method or a malicious insider. The goal of the engineer in this module is to gain root and/or domain administrator level access on the network, and gain access to sensitive files. Activities include:

Active and Passive network reconnaissance including traffic sniffing, port scanning, LDAP enumeration, SMB enumeration, etc.
Vulnerability scan on all in-scope targets
Spoofing attacks such as ARP cache poisoning, LLMNR/NBNS spoofing, etc.
Manual and automated exploit attempts
Shared resource enumeration
Password attacks
Pivoting attacks

Wireless Penetration Test

A wireless penetration test is a comprehensive evaluation of the wireless networks in your organization using automated and manual methods. Areas covered include:

Password attacks
WEP/WPA cracking
Guest wireless segmentation checks
Traffic sniffing attacks
SSID spoofing
Rogue access point discovery

Web Application Penetration Test

A Complete Web application penetration test is an in-depth penetration test on both the unauthenticated and authenticated portions of your website. The engineer will test for all of the OWASP Top-10 critical security flaws, as well as a variety of other potential vulnerabilities based on security best practice. Activities include:

Website mapping techniques such as spidering
Directory enumeration
Automated and manual tests for injection flaws on all input fields
Directory traversal testing
Malicious file upload and remote code execution
Password attacks and testing for vulnerabilities in the authentication mechanisms
Session attacks, including hijacking, fixation, and spoofing attempts
Other tests depending on specific site content and languages

Social Engineering Assessment

This assessment is designed to target and take advantage of the human-element to gain access to your network. This is done using a variety of methods to get an employee to click on something they shouldn’t, enter their credentials or otherwise provide them when they shouldn’t, or divulge information that may assist an attacker in breaching your network. The goal for the engineer performing this assessment is to gain information that may assist an attacker in future attacks, gather credentials, or gain a foothold on the internal network. This assessment will include:

Phone-based attacks
Spear phishing attacks
Bulk phishing attacks

Physical Penetration Test

A physical penetration test is an assessment of the physical security of your premises. Our engineers will attempt to gain access to your facility by identifying weaknesses and/or using social engineering. Once inside, our engineers will attempt to gather sensitive information, gain access to sensitive areas such as the data center, and attempt to gain internal network access.

Vulnerability scanning

Vulnerability scanning is a regular, automated process that identifies the potential points of compromise on a network. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. Our engineers will conduct this scan for you and use our expertise to remove false positives and produce a risk-prioritized report.

Internet of things IOT Security Assessment

Developing a secure IoT solution depends on a number of security considerations. This assessment will evaluate the IoT device and its associated infrastructure against common attacks. It can include an evaluation of the edge device, the gateway, the cloud infrastructure, and/or any mobile applications. Our engineers will evaluate your IoT Device utilizing the OWASP IoT Framework Assessment methodology.

Contact us today and get

FREE FIRST CONSULTATION

BOOK YOUR CONSULTATION