CYBER SECURITY ASSESSMENTS // PENETRATION TESTING // IT SECURITY // SECURITY AUDITS // VULNERABILITY ASSESSMENTS
Today's threats are complex and constantly evolving.
It's not a question of if you will be attacked, but when.
Penetration testing, or pen testing, is the most effective way of discovering and demonstrating real-world exploitable vulnerabilities within your company’s networks and systems.
The aim of a penetration test, or pen test, is to identify real-world exploitable vulnerabilities and demonstrate how they can be leveraged to gain access to and steal your sensitive information.
Penetration Testing can be composed of the following:
- Internet-facing / External Network Penetration Testing
- Internal Network Penetration Testing
- Website Penetration Testing / Web Application Pen Test
- Spear Phishing Emails
- Social Engineering Phone Calls
- War Dialing
- Wireless Pen Testing
- Physical Pen Testing
When conducting a Pen Test, TripleSEC follows the de facto standard methodology established in the ethical hacking community over the last 20 years. In fact, some of TripleSEC's founders were instrumental in creating this methodology back in the early days of Penetration Testing before hacking tools and security frameworks were established. These were the days when pen testers had to discover their own vulnerabilities / exploits and script their own hacking tools. The phases of a Penetration Test that TripleSEC follows are:
It is essential to set penetration testing Engagement Goals before starting any testing. TripleSEC begins all Penetration Testing engagements by working with the executive sponsor to establish clear goals of the Penetration Test. These Pen Test engagement goals may include:
- Access to specific sensitive information
- Access to critical databases
- Access to specified systems
- Testing intrusion detection systems
- Testing employee response to and analysis of attacks
- Testing a specific attack scenario
In working with the executive sponsor of the Penetration Testing, Rules of Engagement will also be discussed and set. These Pen Test Rules of Engagement may include:
- Times of Penetration Testing
- Days the Pen Testing may occur
- What systems are in play for the Pen Test
- What systems to avoid in the Penetration Test
- Types of attacks allowed during the Pen Testing
- Types of attacks disallowed, i.e. Denial of Service (DoS) attacks, during the Penetration Testing
- When to stop Pen Testing and provide notification of a successful breach
- Employees to avoid as targets of the Spear Phishing and Social Engineering Phone Calls
Penetration Testing is a requirement for many regulations and standards, as well as an important part of any organization's best-practices security strategy. Where required, such as with PCI Pen Testing, the Pen Testing is customized to follow all the necessary requirements and controls.
All Penetration Testing details are placed in a quality report deliverable that can be used as attestation or evidence.
LET'S GET STARTED
Contact Us Today.
Whether you are looking for general information or have a specific question, we want to help.
Tel: 650-963-5015
- Applications commonly direct traffic through HTTP so as to bypass firewall rules.
- Malware may unknowingly be downloaded automatically.
- Websites may be infected via cross-site scripting (XSS), code injection, and other hacking techniques.
- Website traffic may be hijacked by hackers.
- Hijacked corporate websites may be blacklisted by major search engines, causing a loss in reputation and business.
On average, a system is attacked within 15 minutes of being placed on the Internet.
ARE YOU TRIPLESEC?