Penetration Testing

Penetration Testing Services

You are spending money on security, great! But is it really working?
Penetration testing checks if its working and where you are falling short.

Vulnerability testing

Outside of user credentials, vulnerability exploits are the next leading cause of a data breach.  Testing your firewalls, routers, servers, computers, and IoT devices is paramount to network security.  Our Vulnerability testing services finds and reports all found instances as well as a remediation report of how to fix them.

Weak Password Discovery

Over 70% of attacks involve a users credentials according to Gartner.  Weak passwords need to be discovered and remediated.  Cyber security awareness training is also needed to give users insights on what to look for.

Application testing

Line of business applications are next on the list for data breach attacks.  If your day to day applications are not updated regularly with security patches, they can be a breach waiting to happen.  Our Application penetration testing will scan your applications for any vulnerabilities and exploits.

DREAD Scoring Criteria

Our pen testing reports have a DREAD scorecard for Damage Potential, Reproducibility, Exploitability, Affected users, and Discoverability.  This shows the Who, What, Where, When, and How in the penetration testing reports with remediation steps for your organization.

Composite Risk Categories

The pen testing reports classify each risk incident on a 4 level scale with Critical, Severe, Moderate, and Low scoring criteria.  The risk categories are then correlated to remediation effort ratings as High, Medium, or Low depending on the severity of the found incidents.

Compliance Reporting

All of our penetration testing reports are certified to be used for compliance reporting such as SOX, PCI DSS, NIST CSF, and HIPAA.  Data handling and storage is in compliance with ISO 27000 standards.