Every penetration test is different. Depending upon the goals of the organization and engagement, a penetration test can take anywhere from a few hours to hundreds of hours. Securit360 performs tests following The Penetration Testing Execution Standard (www.penetration-test.org), and supplements with other methods from 1) The Open Source Security Testing Methodology Manual (OSSTMM), 2) Open Web Application Security Project (OWASP), 3) The Penetration Testing Framework (PTF) as well as our own experience and understanding which is then tailored to the specific needs of the client and engagement. We have an arsenal of tools and methods to use as the test develops.
We offer penetration testing for both internal and external networks. Each type of test is slightly different. In an external test, our main two goals are to gain access to the internal network or to discover information that should not be available from the outside. In an internal penetration test, we are trying to learn the layout of the network, identify high-value targets, gain access to systems and exfiltrate sensitive data.
PHYSICAL AND SOCIAL ENGINEERING
We can make multiple social engineering attempts as well as attempts to exploit the physical perimeter. We will work with a client to see what works best considering the organization and usually include tailgating, presentation of false credentials and impersonation of key employees.
- Information Gathering
- Configure Penetration Testing Software
- Testing to ensure accurate results
- Schedule Assessments to minimize impact to productivity
- Test Web Applications with software as well as with manual test
- Compare Assessment Reports to IT inventory for analysis
- Issue Report and Analysis