External Vulnerability Scanning
Our external network assessment identifies service ports responding to queries. This information provides a road map of entry points into the network by external Internet users. This effort includes scanning all network ports on the external devices and checking for known vulnerabilities. Systems deemed “vulnerable” are retested to validate the finding and reduce the potential of a false positive reading. The validation will be performed without impact to the system or disruption of service.
Utilizing advanced software tools such as MetaSploit & Core Impact, we run exploits against vulnerable devices. These tools allow us to validate the device vulnerability and eliminating false positive data. The penetration test will simulate the same attack vectors that hackers use to exploit vulnerabilities and perform malicious attacks. . Although we do not perform Denial-of-Service (DoS/DDos) attacks there is a potential for network impact and we recommend performing this phase during off peak hours.
Internal Vulnerability Scanning
Our internal network assessment consists of discovering devices on the network by scanning a range of addresses (e.g.10.10.10.0 through 10.10.10.255). All network devices are identified (e.g. Internet Facing Devices, Desktops, Laptops, Servers, etc.) and the responding addresses are used to determining the security hardness of each device. Systems deemed vulnerable are re-examined to validate the severity of the vulnerability.
Social Engineering tests the human-based element of security within an organization using a variety of methods. These including targeted, crafted emails designed to entice users to provide sensitive information. This is a very effective method for educating users on the sophistication level of today’s threats.
Web Application Testing
Web application testing examines the security posture of application and helps determine potential vulnerabilities while ensuring protection against exposure that could lead to a breach of your network. Testing involves reviewing the configuration of the web hosting architecture (i.e. web server software, web server hardware, application layer). Testing is performed in accordance with Open Web Application Security Project (OWASP), some of which includes but not limited to:
A1 – Injection
A2 – Broken Authentication and Session Management
A3 – Cross-Site Scripting (XSS)
A4 – Insecure Direct Object References
A5 – Security Misconfiguration
A6 – Sensitive Data Exposure
A7 – Missing Function Level Access Control
A8 – Cross-Site Request Forgery (CSRF)
A9 – Using Known Vulnerable Components
A10 – Unvalidated Redirects and Forwards