SecurIT360 offers penetration testing services for both internal and external networks. Depending on the needs of your organization, each test can be tailored to you. With an external test, our main two goals are to gain access to the internal network and determine if there is information available from the outside. When performing an internal penetration test, SecurIT360’s team will try to learn the layout of the network, identify high-value targets, gain access to systems, and exfiltrate sensitive data.
Using both manual and automated techniques, our team can approach your network as a “bad actor” and gather intel on what a criminal might gain access to. Testing can be “best effort” or “comprehensive.”
External Network Penetration Testing – Learn the exterior vulnerabilities of your organization’s network and gain insight into the information criminals could target. Following the PTES3 methodology and using the best-effort testing, our team examines the exterior nodes of your organization’s network to pivot to the network’s interior.
Internal Network Penetration Testing – With this service, testing begins inside your organization’s network. Using either a compromised user or a compromised machine, SecurIT360 gathers information an attacker could gain access to once inside your network.
Web Application Penetration Testing – Using a testing method that focuses on discovering and exploiting flaws, you benefit from getting a view into the flaws of your web application itself.
Mobile Application Penetration Testing – Find out where you stand on mobile application security. Your mobile applications will be tested using both DAST and SAST5 methods. Vulnerabilities discovered during this testing are manually vetted, and exploits are developed where necessary.
Custom Penetration Testing – Any device that can be reached over a network is susceptible to attack and can be tested. Testing such as binary, Bluetooth, radio, etc. will fall under this category. Methodology on this service will be determined based on your case-by-case needs.
Creating an environment for your organization to safely evaluate the performance of your security standards will allow you to take a proactive approach to your network security posture. Exercises generally take the form of a cooperative effort to evaluate the performance of a security metric. While the design of an exercise will be unique, it will always have two common elements: specific metrics to be tested and coordination with the customer.
Red Team Exercises – Red Team exercises are designed to simulate specific attacks with the end goal of assessing the defensive capability of an organization. In this type of exercise, the offensive team does not have a line of communication with the defensive team. Communication is handled through a facilitator at at your organization.
Purple Team Exercises – Purple Team exercises have the same goal as above, to assess the defensive capability of your organization. The difference is that both teams will be in real-time communication with each other and work as a pseudo team to achieve the goal.
Tabletop Exercises – Tabletop Exercises are a verbal or written simulations where your team is walked through a scenario and asked questions to determine their level of readiness for specific attacks. The goal is to determine where processes and procedures can be improved.
Consulting services are a hands-off engagement designed to aid in achieving your security goals. Have experts sit down with you and review your documentation, processes, or goals to improve where you need to be.
Architecture Reviews – Most reviews of this type will involve the desire to understand your risks or improve your security posture of a specific element within the technical stack of your organization.
Security Stack Design – Security Stacks are several layered technology components that work together to create a secure condition within an organization. This service will analyze all fragments and their configurations and determine what can be changed to improve the security of the combined elements.
Appsec Assessments/DevSecOps – Application Security Assessments will involve an intense study of your current capabilities and serve as a guidance on where and how you should implement more security checkpoints in the development cycle.
SecurIT360 understands that developing an environment consisting of expert security staff is hard to achieve. Gathering individuals with expertise in application security, hardening code, or DevSecOps to protect your security posture can be a daunting task. Solving this problem is a core goal of SecurIT360’s DevSecOps services.
DevSecOps – the marriage of Development, Security, and Operations. This term embodies the concept of “baking in” security and operations alongside the development effort. This effort is also known as “shifting left”. This concept is used to push security closer to the developer and empower them to solve security problems before it reaches the security team.
SecurIT360 understands that all DevOps shops are different. Every CI/CD pipeline is unique to your application’s story. Because of this, each integration is independent and can be used anywhere in the SDLC that makes sense. Our team will work with you on a combination of integrations that make sense to you and your specific needs.
Planning – Integration
Static Application Security Testing (SAST) – Integration
Dynamic Application Security Testing (DAST) – Integration
Penetration Testing – Integration