Penetration Testing

Penetration testing services detect both permitted, and unwanted communications.Penetration Testing (or Pen Testing) is the testing of Computer networks, systems, Web and Mobile Applications to find the vulnerabilities that attackers could exploit.

Penetration Testing should be accomplished annually, or within 30 days after making or introducing changes to the enterprise.  New vulnerabilities are discovered continuously, therefore testing is essential to insure that new vulnerabilities are not introduced into the environment.

Most computer security incidents can be traced back to weaknesses in software that were inadvertently put there when the code was developed. Attackers can – and very often do – find and exploit such weaknesses as a means to attack your enterprise applications. Before you ship or procure another software application, you need to assess if weaknesses in its source code put your enterprise at risk.

What many do not know is that SAST tools are specialized, and each tends to focus on just a subset of the universe of possible weaknesses. No single SAST tool finds even a majority of the weaknesses in software. The Center for Assured Software’s 2010 benchmarking study revealed that the average SAST tool covers only 8 of 13 weakness classes, and finds only 22% of the flaws in each weakness class. So your average SAST tool is likely to find only 14% of the vulnerabilities in your code. And each tool tends to find different classes of weaknesses: there is little overlap between the results of different tools.

Whether your need a Black Box Test, or a Full on review of the environment such as a White Box Test, our experienced professionals are able to analyze and validate your design, controls, and security is properly in place.

Many companies use the automated tools to perform a Rapid Scan.  Our Professionals are able to employ their own assessments using Manual techniques as well, Dynamic Analysis, as well as implementing a correlation of the results to show the effectiveness of the assessments.  If you only are finding 14% of the issues, how effective is your current process?

Penetration testing allows us to explore your environment and show you the issues that an attacker would use to gain access to your environment.

IT Security tests across a broad spectrum of risk areas including:

  • Web applications & services
  • Endpoint systems
  • Passwords & identities
  • Mobile devices
  • Wireless networks
  • Network systems

Contact Us today for more information.

Contact Us Today