Penetration Testing

The more successful you are, the bigger a target you become. Your best defense against a attack on your network is to scan it regularly and fix the high risk vulnerabilities the scan identifies.

Internal Penetration Testing

Our Internal Penetration Tests simulate what an insider attack could accomplish.  The purpose is to discover what a hacker may be able to achieve by gaining access to the internal network.  Insider attacks have the potential of being very devastating because insiders already have the knowledge of what's important within a network and where it's located.  Our internal pen-tests consist of the following tasks:

  • Internal Network Scanning
  • Port Scanning
  • System Fingerprinting
  • Services Probing
  • Exploit Research
  • Manual Vulnerability Testing and Verification
  • Manual Configuration Weakness Testing and Verification
  • Limited Application Layer Testing
  • Firewall and ACL Testing
  • Administrator Privileges Escalation Testing
  • Password Strength Testing
  • Network Equipment Security Controls Testing
  • Database Security Controls Testing
  • Internal Network Scan for Known Trojans
  • Third-Party/Vendor Security Configuration Testing

External Penetration Testing

External penetration tests address the ability of a remote attacker to get into the internal network.  Our goal when conducting such tests is to access specific servers and other important assets within your internal network by exploiting externally exposed servers, clients, and people.  We do so by exploiting a vulnerable Web application or by allowing access to the VPN.  The end game is to get from the outside to the inside.  Our External Penetration Tests consist of the following tasks:

  • Network Foot Printing
    • Internet Presence Mapping
    • Social Engineering
    • Dumpster Diving
  • Wireless Hacking
  • Discovery and Probing
  • Enumeration
  • Testing and Evading network-filtering devices
    • Intrusion Detection Systems
    • Firewalls
    • Honeypots
  • Vulnerability identification and verification
  • Exploiting for known vulnerabilities
  • System Hacking
  • Denial of Service and Distributed Denial of Service Simulation
  • Penetrating Physical Security Controls