Penetration Testing Services

Penetration Testing is commonly referred to as PenTesting. Our Security Experts will simulate a real world hacker attacking your network infrastructure, your applications or your companies web servers (websites). Penetration Testing is done to determine your companies vulnerabilities and offer countermeasures so that you can mitigate these issues and avoid data breach. All of our Penetration Tests, Assessments and Audits include a detailed, comprehensive report outlining the exploitable vulnerabilities which can include solutions and countermeasures to mitigate those vulnerabilities.

There are three main types of Penetration Testing: Black Box, Gray Box and White Box Penetration Testing.

Black Box Penetration Testing:

The client does not provide any technical or network related details to our security experts. This accurately simulates a real world hacker attacking with no inside information on the target company. Since all information needs to be acquired by our security auditors, this is the most challenging type of Penetration Test. It lets your organization know the type of damage that a hacker can do within the specified period of time allotted for the test.

Gray Box Penetration Testing:

The client will provide our security team with certain internal information such as network diagrams or login credentials of priveleged users. Our auditors can simulate sophisticated attacks on your networks while minimizing the time required during the reconnaissance phase which significantly lowers the cost for the testing services. This is the most common approach to penetration testing due to offering a mix of what Black Box & White Box Testing allows.

White Box Penetration Testing:

The White Box approach can simulate an insider attack or when an insider leaks your valuablle information to a hacker. White Box Testing is most similar to an audit since the client provides all information regarding the network architecture, user login credentials and any other applicable details. It is a very collaborative test which offers the most comprehensive approach to security testing. Due to the amount of details that can be tested with this approach, White Box Testing is for companies that want to make sure that every aspect of their security posture is solid. Like Black Box Penetration Testing, this approach can be much more time consuming.

The Cyber Security Agency will identify and examine vulnerabilities in your External, Internet Facing Networks, Servers and Systems and/or Internal, Intranet Facing Systems. We will determine whether they can be exploited by an attacker therefore compromising the target system and other connected systems, or used to gain access to other sensitive information.

External Penetration Tests can include:
Testing internet facing servers, applications, websites & web applications.
Testing VOIP infrastructure
Testing Firewalls/Intrusion Detection Systems / Intrusion Prevention Systems
Testing for Weak Passwords & Login Credentials

Internal Penetration Testing can include:
Testing Wireless Networks (Wifi)
Testing Social Engineering Attacks: Are your Employees a weak link
Testing Phishing Attacks: email attack vectors
Testing Privilege Escalation
Testing Malicious Employee Activity
Testing for Weak Passwords & Login Credentials