Steps to Schedule Your Penetration Test:
1. Schedule a 30-minute Discovery Session
2. We determine IF and HOW we can help
3. We provide a Tailored Proposal
4. Together, we review the Proposal
Penetration Testing Services Highlights:
- Highly trained and certified team with the following credentials: CISSP, CSSLP, OSCP, ECSA, LPT (Master), CEH, etc.
- We dive deeper
- Proven methodology
- Includes remediation validation test (RVT) to validate your fix actions
- Clear & concise reports with prioritized, actionable items
- Includes Letter of Attestation
How secure is your network? When is the last time you tested your cybersecurity defenses? Why not take steps now to protect your systems, your employees, and your clients from a cyberattack? You cannot fix what you do not know. A penetration test strengthens your defenses by revealing your weaknesses and recommending prioritized fix actions.
We offer full-spectrum cybersecurity penetration testing, from testing a single IP address or web application to full-blown Red Team engagements. As ethical hackers (penetration testers), we emulate hackers and cybercriminals by utilizing similar techniques to perform reconnaissance, identify vulnerabilities, and break into your systems. Unlike attackers, however, we play by our agreed-upon Rules of Engagement (ROE). We cease the test before exposing sensitive data or doing harm to your environment.
We offer every type of penetration test available. We broadly categorize our testing into two main categories, based on the location they are typically performed from: “Remote” and “Onsite”. Most of our penetration testing services can be performed remotely.
Remote Penetration Testing
- External Black Box (Unauthenticated) Network Penetration Test
- External Gray Box (Authenticated) Penetration Test (typically against a web application)
- Web Application Penetration Test
- Remote Vulnerability Assessment (we ship a device to you)
- Remote Internal Black Box Penetration Test (we ship a device to you)
- Remote Wireless Security Assessment (we ship a device to you)
- Social Engineering
- Digital Footprint Analysis
Onsite Penetration Testing
- Internal Gray Box (Authenticated) Penetration Test (can be performed remotely)
- Internal Black Box (Unauthenticated) Network Penetration Test (can be performed remotely)
- White Box Penetration Test (typically on products, such as medical devices)
- Wireless Security Assessment (can be performed remotely)
- Internal Vulnerability Assessment (can be performed remotely)
- Social Engineering
- Physical Device Plants and Drops
- Physical Penetration Test
Black Box Penetration Testing
With Black Box Penetration Testing, we have only unauthenticated access and little prior knowledge about the systems in scope, except the IP address or URL. Black Box Penetration Testing can be performed externally, against public-facing systems, or internally, simulating a rogue device or insider threat against your internal environment. Black Box Penetration Testing is often called Network Penetration Testing.
Gray Box (Authenticated) Penetration Testing
With Gray Box Penetration Testing we test target systems as an authenticated user with user-level access. For instance, we test a portal on your website by creating an authenticated user account or using credentials that you provide. We attempt to escalate privileges or access-controlled data. The Gray Box Penetration Test ensures users cannot access sensitive data, such as another user’s information.
White Box Penetration Testing
White Box Penetration Testing is designed to assess a system or device with “administrator” or “root” level access and knowledge. This often includes access to architecture diagrams, design documents, specifications, and source code. White Box Penetration Testing is ideal if you develop your own products or integrate systems into your environment.
We follow a high-level seven-phase methodology designed to maximize our efficiency, minimize risk, and provide complete and accurate results. The overarching seven phases of the methodology are:
- Planning and Preparation
- Reconnaissance / Discovery
- Vulnerability Enumeration / Analysis
- Initial Exploitation
- Expanding Foothold / Deeper Penetration
- Report Generation
Benefits and Features
We think it is better to have an ethical hacker find the holes into your enterprise than an adversary. Our Penetration Testing provides details on exploitable vulnerabilities in a prioritized, tangible manner. Our report allows you to better understand what your environment looks like from an attacker's perspective. This helps you prioritize efforts to mitigate risk and reduce breach likelihood or damage.
Not only do our Penetration Testing Services show you what your attack surface looks like to an adversary, but they can also be used as a safe way to test your organization’s incident response (IR) capabilities. Our Penetration Testing services can be used to tune and test your security controls, such as your IDS, Firewall, Endpoint Security, Router ACLs, etc.
Our Penetration Testing services also help you meet compliance audit requirements such as:
- HIPAA Penetration Testing
- PCI Penetration Testing
- SOC 2
What You Get / Deliverables
You get four items:
- Penetration Test Report
- Penetration Test Report Findings Review with your team via an online session
- Remediation Validation Retest (RVT) after you fix identified problems
- Letter of Attestation
1. Penetration Test Report
The Penetration Test Report includes IP addresses tested, vulnerabilities discovered, steps taken during the assessment, exploitable areas discovered, and prioritized recommendations. For any systems we are able to exploit, an “Attack Narrative” section is used to discuss step-by-step the process we used to gain access, escalate privileges, etc.
For a sample penetration test report, please contact us or complete the Penetration Test Information Request Form, below.
The report sample below is used as a quick reference for focusing remediation and mitigation efforts. The findings are ranked by risk rating and include recommendations (rec), reference links for mitigation steps, and tester notes.
2. Penetration Test Report Findings Review
We schedule either an in-person or online session with you where we walk through the report with your team and answer any questions about the findings, our methods, or the steps required for remediation. Many competitors deliver a confusing, lengthy report at the end of the engagement for you to decipher. Our penetration test report review adds tremendous value because we can clarify findings and remediation steps.
3. Remediation Validation Test (RVT)
How do you know the steps you took to fix our penetration test report findings actually worked? Validation removes the guesswork. When you’re ready, after fixing the issues identified in the penetration test report, we offer a deep discount to rerun the same penetration test. This is a crucial and often overlooked step in this process. Validating security controls, patches, and other fix actions is extremely important. We have discovered numerous organizations that thought they fixed a finding we identified, only to discover after a retest that the finding was still there.
4. Letter of Attestation
The attestation letter serves as the record of us performing the penetration test. It includes a summary of the findings. Its intent is for external use, outside of your organization, to show proof that a security assessment was performed and to highlight test results.
Interested in testing your systems to see how effective your security controls are against an attacker?
Contact Us for more information about our Penetration Testing Services or to schedule a Penetration Test.