A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source. The process involves an active analysis of the system for any potential vulnerability that could result from poor or improper system configuration, either known and unknown hardware or software flaws or operational weaknesses in process or technical countermeasures. We carry out this analysis from the position of a potential attacker or a hacker and can involve active exploitation of security vulnerabilities. Any security issues that we found will be presented to the system owner, together with an assessment of their impact, and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine the feasibility of an attack and the amount of business impact in case of a successful exploit, if discovered. It is a component of a full security audit. There are common assessment scenarios which can be customized in many ways to meet a customer’s needs. Each type of assessment takes varying amounts of time and is impacted by the number of targets

Network Based (Attack & Penetration);

Penetration testing includes components of application vulnerability assessment, host vulnerability assessment, and security best practices. We perform this with or without detailed prior knowledge of the environment. When it is performed without prior knowledge additional steps will be taken to enumerate hosts and applications and to assess the ease with which any outsider could exploit publicly available information or social engineering to gain unauthorized access.

Host Based;

This is an assessment of the health and security of given workstation or server. Automated scanning tools are the primary vehicle for this type of assessment. Additional hands-on inspection may also be necessary to assess conformance to security best practice.

Application; This is an assessment of the functionality and resilience of the compiled application to known threats. This assessment focuses on the compiled and installed elements of the entire system: how the application components are deployed, communicate or otherwise interact with both the user and server environments.

Compliance; This involves auditing systems for compliance with specific regulations: eg HIPAA, FERPA, GLBA, PCI etc.

Enterprise Security Assessment; This is a comprehensive study of the hosts, networks, applications, environmental controls, as well as policies and procedures. This service is currently outsourced though Security Support Engineer can serve as the engagement manager with a number of preferred suppliers.