Internal Penetration Testing examines the security surrounding internally connected systems; typically, within a corporate network. Internal Attack & Penetration tests the security of internally connected systems from various vantage points, such as posing as normal users within the office building, remote users, third party service providers, and business partners. Internal Penetration Testing involves including and exploitation of actual known and unknown vulnerabilities from the perspective of an inside attacker. Such testing usually includes attempts to breach the target both an authorized user with varying levels of access or as an unauthorized individual with physical access. The test demonstrates if there are weaknesses in traditional access control mechanism, network segmentation is effective, and whether network monitoring services and responses are timely and decisive. The test report designed for both executive/board level to show the high-level risk and technical staff/IT teams to show issue details and options for remediation.

Internal Penetration Test follows documented security testing methodologies which can include:

• Port Scanning and System Fingerprinting
• Services Probing and Vulnerability Identification
• Manual Vulnerability Testing and Verification of Identified Vulnerabilities
• Exploit Research and Service Exploitation
• Application Layer Testing
• Firewall and ACL Testing (Data Exfiltration testing)
• Lateral Movement
• Administrator Privileges Escalation Testing
• Password Strength Testing

External Penetration Testing tests the security surrounding externally connected systems from the Internet, as well as within a Corporate Network. Controlled tests are used to gain access to the DMZ and ultimately to the internal resources; by bypassing the firewalls from the Internet. External Penetration Testing involves the finding and exploitation of known and unknown vulnerabilities from the perspective of an outside attacker. The test also shows if any weakness traditional firewall or other third-party monitoring services and their response. The report generated as the output of this work is designed for both the executive to show the high-level risk and technical staff/IT teams to show issue details and options for remediation.

External Penetration Test follows the penetration testing execution standard (PTES) which includes:

• Pre-engagement Interactions
• Intelligence Gathering using Open-source intelligence (OSINT)
• Threat Modeling
• Vulnerability Analysis
• Exploitation
• Post Exploitation
• Reporting

Our Web Application Security Assessment will help to identify the weaknesses and potential threats to your web application. Our professionals simulate hacker's actions to seek security holes in your web application, helping your web application to defend against OWASP Top 10 vulnerabilities. The ultimate of this type of assessment/ penetration testing goal is to gain as much unrestricted access to sensitive information as possible, including administrator level rights, fully enable access over routers and switches and access to sensitive data residing on the internal systems. The test also shows if any weakness in Web Application firewall or other third-party web filtering services and their response. The report generated as the output of this work is designed for both the executive/board level to show the high-level risk and technical staff/IT teams to show issue details and options for remediation.

Web Application Testing methodology is based on the Open Web Application Security Project (OWASP) methodology which includes:

• Input Validation Attacks
• Cross-Site Scripting Attacks
• Script Injection Attacks (SQL Injection)
• Authentication
• Authorization
• Session Management
• Transport Security
• Error Handling
• Business Logic Testing
• Client-side testing
• Mobile Application Testing

Wireless Penetration Tests are strategic and isolated attacks against the client's systems. Our consultants will simulate a hacker and attempt to identify, exploit, and further penetrate weaknesses within wireless systems. Wireless Penetration Tests will evaluate risk related to potential access to your wireless network. We will detect access points and devices from various areas located outside and within the facilities. A concept called "war-driving" allows attackers to use automobiles to collect sensitive information from far distances and attack critical systems. Simulations utilizing war-driving, as well as performing an on-site Internal Attack and Penetration Test if the wireless network is breached, will be conducted. The report generated as the output of this work is designed for both the executive to show the high-level risk and technical staff/IT teams to show issue details and options for remediation.

Wireless Penetration Test follows best practice in penetration testing methodologies which includes:

• Identity theft (MAC spoofing)
• Caffe Latte attack (Fake Wi-Fi Access Points)

Social Engineering is a technique that relies on weaknesses in human nature, rather than vulnerability in hardware, software, or network design. Attacks are successful because they target basic human nature. The test also shows if any deficiency in the service provider’s email filtering services and their response. The report generated as the output of this work is designed for both executive/board level, and technical staff/IT teams to show the importance of the Security Awareness program.

We offer three core Social Engineering assessments to test human weakness:

• Email Phishing
• Telephone Social Engineering
• CD/USB Thumb Drive Drops