Penetration Testing

A penetration test is a more advanced test, and is usually goal-oriented.  As an example, you may have an internet facing web server hosting confidential data where the objective of a penetration tester is to attempt a compromise of said data.  The purpose of the penetration test is to simulate a real-life attack conducted by ethical hackers, who simulate an internal or external threat actor. Most penetration tests include a vulnerability assessment as the first step, but go beyond identifying vulnerabilities to determine if those vulnerabilities are exploitable. Most penetration tests involve both automated and manual efforts to achieve the goal.

Penetration tests can be performed internally or externally. An external test simulates an attacker on the outside trying to get in. An internal test simulates an attacker that gained physical access to your environment or compromised a user’s computer and or credentials (i.e. via social engineering) to gain access to sensitive data or to perform nefarious acts. It can also simulate a rogue employee looking to gain additional unauthorized access to information / data, or to potentially cause harm.

Download the tear sheet now

Benefits

  • Helps identify what data can be compromised and how it can affect your business
  • Determines whether or not an attack can be detected
  • Provides an understanding of the attack vectors
  • Validates or helps build a case for security tool expenditures
  • Helps your business meet regulatory or compliance requirements

External Penetration Test

We simulate a real-world attack of your internet facing devices. We start with reconnaissance, and then move to find and exploit vulnerabilities.

Internal Penetration Test

We simulate a threat actor gaining access to your internal network and attacking the resources behind your firewall. This type of tests also simulates a rogue insider.

Wireless Penetration Test

We test your wireless network to identify weak authentication, attempt man-in-the-middle attacks, and to verify any anti-spoofing protection that may exist.

Looking for a different type of test?

Web Application Assessment

Need a web application assessment? We perform a web application assessment leveraging the OWASP Top 10 framework.

  • Tests the health of the application
  • Identify potential vulnerabilities and vectors of compromise
  • Assure consumers that your web application is safe to use

Social Engineering Assessment

We can test you or your employee’s ability to detect and respond to phishing, vishing, and smishing exercises.

  • Ensures you or your employees are aware of common attack techniques
  • Test their ability to respond to social threats
  • Confirm they are following your firm’s policies

Want more information? Request a free consultation!

Contact Us