Every penetration test is different. Depending upon the goals of the organization and engagement, a penetration test can take anywhere from a few hours to hundreds of hours. Securit360 performs tests following The Penetration Testing Execution Standard (www.penetration-test.org) and supplements it with methods from 1) The Open Source Security Testing Methodology Manual (OSSTMM), 2) the Open Web Application Security Project (OWASP), and 3) the Penetration Testing Framework (PTF), as well as our own experience and understanding, all tailored to the specific needs of the client and engagement. We have an arsenal of tools and methods to use as the test develops.
At Securit360, we use a formalized, comprehensive vulnerability assessment methodology that provides detailed reports and analysis of the status of your IT systems. This method combines best-of-breed tools with thorough processes and experienced experts. We layer in our experience as credentialed business and technology professionals throughout this methodology and issue a formal report that can be presented to clients and partners.
Our vulnerability assessments review the footprint of a client’s network against the most common published vulnerabilities. We provide more than just an automated report; we provide analysis and statistics that allow you to know exactly where to focus your remediation efforts. We don’t just look at a vulnerability and report it the way a scanner labeled it; we consider the probability that it could be exploited as well as the potential impact to the business. This enables clients to focus their efforts on the areas that matter most.
Web application testing differs from vulnerability scanning because we can take a look at functionality and weaknesses specific to web applications. The OWASP Top 10 sets a standard for web application development security. This list has been the same for many years because applications continue to be plagued by the same weaknesses. Even the most secure networks can be compromised by a web application with basic security flaws.
It is much easier to penetrate a network if you coax a user to invite you in. The proliferation of email in everyday life has made this an easy vehicle for hackers. Spam filtering software has kept up well at discovering viruses and malware in emails, but what if the email is coming from an actual human? What if the attacker knows some information about your company as well as your users? Could they take advantage of a user and trick them into divulging sensitive information? How do you know if you don’t test your users?