Services
The SACorp Security Team assesses organizations to find vulnerabilities before malicious attackers have the chance. Because the SACorp Security Team is well versed in the methods used by malicious hackers, we are able to identify avenues for attack. Whether you suspect that your organization is vulnerable, or you are required to have attack and penetration assessments performed under regulations and standards such as SoX, Critical Infrastructure Protection (CIP), Payment Card Industry Data Security Standard (PCI DSS), and the Health Information Technology for Economic and Clinical Health Act (HITECH), SACorp's Team is ready to provide the critical expertise you need.
Internal Attack & Penetration
The Internal Penetration Test follows documented security testing methodologies, which can include:
- Port Scanning and System Fingerprinting
- Services Probing and Vulnerability Identification
- Manual Vulnerability Testing and Verification of Identified Vulnerabilities
- Exploit Research and Service Exploitation
- Application Layer Testing
- Firewall and ACL Testing (Data Exfiltration testing)
- Lateral Movement
- Administrator Privilege Escalation Testing
- Password Strength Testing
External Attack & Penetration
The External Penetration Test follows the Penetration Testing Execution Standard (PTES), which includes:
- Pre-engagement Interactions
- Intelligence Gathering using Open-source intelligence (OSINT)
- Threat Modeling
- Vulnerability Analysis
- Exploitation
- Post Exploitation
- Reporting
Compliance Gap Assessment
A compliance gap assessment measures a company’s existing policies and processes against applicable industry compliance needs (PCI, HIPAA, ISO 27002) and local, state and federal regulations (FFIEC, FISMA, NIST 800-53). The results indicate gaps or deficiencies in a company’s compliance program, such as potential regulatory violations and incomplete data security requirements. Our consultants provide expertise in interpreting, evaluating, and validating controls against a standard or framework. They will also recommend how to mitigate the risk. The final Gap Assessment report not only outlines all of the gaps that need to be filled but also recommends action items your team can start on for your path to successful certification.
Web Application Security Assessment
The Web Application Testing methodology is based on the Open Web Application Security Project (OWASP) methodology, which includes:
- Input Validation Attacks
- Cross-Site Scripting Attacks
- Script Injection Attacks (SQL Injection)
- Authentication
- Authorization
- Session Management
- Transport Security
- Error Handling
- Business Logic Testing
- Client-side testing
- Mobile Application Testing
Wireless Attack & Penetration
The Wireless Penetration Test follows best practices in penetration testing methodologies, which include:
- Identity theft (MAC spoofing)
- Caffe Latte attack (Fake Wi-Fi Access Points)
Social Engineering Attacks
We offer three core Social Engineering assessments to test human weakness:
- Email Phishing
- Telephone Social Engineering
- CD/USB Thumb Drive Drops