1. Penetration Testing Services - External & Internal
    Description

We have a team of expert security engineers/consultants with an extensive background in security assessment services from working at Internet Security Systems (acquired by IBM in 2006). The team specializes in Penetration Testing and Vulnerability, Application, Mobile & SIEM assessments, and collectively has completed thousands of Pen Tests for companies of all sizes and complexity in every industry. As we have only senior resources, every customer, regardless of size/complexity, gets a fully seasoned security professional conducting their assessment from beginning to end. Our customers also get full direct access to that tester throughout the entire engagement so they can leverage the tester's experience in their remediation phase as well.
 
Over 80% of our Pen Testing process is based on manual testing. Our team uses extensive manual technical testing techniques with full exploitation to simulate realistic hacking scenarios and examine the entire customer environment for vulnerabilities at all levels of the infrastructure, including the network, operating systems, and common application services. We provide in-depth analysis of the findings, a comprehensive view of the risks associated with the vulnerabilities, and detailed actions and strategies to reduce the identified risks, including a heat map showing how we recommend the remediations be prioritized. We provide an overall risk rating to show what the compilation of all of the findings really means and provide a comparison to how our customer ranks against other companies. We also summarize the direct impacts these Pen Test results may have on an organization's regulatory compliance concerns. A sample customer Pen Test report is available upon request.
 
Our team has a wealth of experience in Pen Testing and it shows by the level of skillset we bring to customer engagements, the degree of customized testing we perform, and the quality of the final deliverable.  

Penetration Testing Overview:
A Penetration Test examines the entire customer environment for vulnerabilities, at all levels of the infrastructure to include the network, operating systems, and common application services. Testing a company's systems and networks by mimicking these types of attacks identifies potential avenues of exploitation before malicious individuals use them. Security testing is one of the most proactive measures a business can take to help defeat malicious activity. Penetration Testing also helps provide business leaders the knowledge required to understand the impact a successful attack might have on their business operations and, in turn, can help validate the effectiveness of existing security controls, and justify additional security related investment.

Organizations planning for a Penetration Test have to juggle many competing priorities. They are struggling to become compliant, and stay compliant, with any number of security standards or regulatory targets. Budgetary pressures are ever-present, and organizations need to ensure that Penetration Tests are performed by expert cyber security engineers/consultants. 

Penetration Testing Service Summary:
  • Vulnerability Identification with exploitation
  • Tests all levels of the infrastructure
  • External (via the Internet) or internal testing
  • Detailed recommendations to reduce risks
  • Business analysis provides executive perspective
  • Meets PCI annual Pen Test requirements

PCI Penetration Testing:
Our Penetration Testing methodology is fully compliant with the PCI standards and will help our customers meet their assessment objectives as described in 11.3 of the PCI Data Security Standards (DSS).

PCI Penetration Testing Requirements:
  • PCI DSS 11.3 requires a pen test regardless of company size/level
  • Annual Pen Test is in addition to the quarterly ASV scans
  • Pen Tests must be conducted annually or after any significant change to the network or applications
  • Pen Tests must include both internal and external testing, and must utilize manual testing techniques
  • Testing methodology should follow industry standards

PCI Penetration Testing Service Summary:
  • Based on industry accepted standards to include NIST and OSSM
  • Scope includes both internal and external testing as required by PCI
  • Testing incorporates full manual testing techniques and does not rely on automated tools
  • Includes full exploitation testing
  • Incorporates network segmentation testing to validate scope reduction controls
  • Authenticated Web application testing that meets or exceeds the PCI DSS 6.5 requirements to include injection testing and cross-site scripting tests
  • Documentation provides full risk analysis, remediation recommendations, and estimated timeframes
  • Retesting is included at no additional charge