PENETRATION TESTING

Stop Cyber Attacks in their Tracks with Penetration Testing

The number of ways hackers have to break into your network and wreak havoc is multiplying, putting a significant burden on your IT’s ability to protect your business.

GET A $1,000 CREDIT TOWARDS YOUR FIRST PENETRATION TEST

Your Business is Under Constant Threat

Hundreds of millions of records containing sensitive information are compromised monthly, putting your network, your devices, and your data under constant risk. What is worse, according to Inc. Magazine, 60% of organizations go out of business within six months of a cyber attack.

What is a Penetration Test?

Penetration testing, or pen testing, is an authorized simulated cyber attack on a computer system and network that is used to evaluate the security of a company’s IT.

The test is performed to identify weaknesses and vulnerabilities, including the potential for unauthorized parties to gain access to systems and data. A penetration test can help determine whether a system is vulnerable to an attack, whether the defenses in place are sufficient, and which defenses (if any) the test defeated.

PEOPLE

Are they trained to recognize poor security practices? Are they able to be bastions for the protection of your organization?

PROCESS

Do you have processes and procedures in place & documented?
Can you prove your processes to a Security Auditor?

TECHNOLOGY

Are you keeping up with the latest advances regarding security?
Is your infrastructure outdated? Can it be adequately maintained?

Know your exposure, prevent attacks.

Internal and External

Penetration Testing Approach

SCAN AND ENUMERATE TARGETS

  • Perform external vulnerability scan
  • Perform internal vulnerability scan (utilizes STN’s SecureSensor Appliance)
  • Determine possible attack vectors

LEVERAGE ATTACK VECTORS

  • Exploit to gain elevated privileges
  • Network surveying, port scanning, system identification, services identification
  • Vulnerability exploitation
  • Password cracking
  • Manually validate scan data and exploit vulnerabilities with manual and automated tools

DETAILED REPORTING

Provide a detailed report of the attack vectors found, whether the assessor was able to gain elevated privileges, and recommendations for remediation.

  • Remediation is available on a time and materials basis
  • Provide Attestation as required
  • Includes follow-up scan of initial vulnerabilities found to validate remediation efforts

Web and Mobile Application Penetration Testing

The tester will conduct discovery, exploration and investigation of the web site and web application features such as port scanning, identifying services and configurations, spidering, application flow charting and session analysis.

The application penetration test is performed from the perspective of an authenticated user.

Cross Site Request Forgery, Cross Site Scripting and Client Injection Attack

The tester will attempt to exploit the web application for Cross Site Request Forgery, Cross Site Scripting and Client Injection attacks using automated tools and custom techniques to discover and exploit vulnerabilities.

Web Application Authentication Attacks

The tester will develop custom tools (scripting) to enumerate users and to bypass and exploit weak authentication.

Web Application Configuration Testing

The tester will use automated programs and custom scripting to identify flaws in the design or implementation of the web site's configuration.

Web Application Overview

The tester will attempt to exploit the web application for the technologies, programming languages and structures that are involved in the construction and implementation of the web site such as HTTP, HTTPS and AJAX within the context of security, vulnerabilities and basic operation.

Web Application Session Management

The tester will attempt to discover how the web application manages client sessions, tracks user activity and uses SSL/TLS in its web communications and demonstrate attacks that can be leveraged against flaws in session state.

Web Application SQL Injection Attacks

The tester will utilize tools and techniques required to perform web application security testing on web-based languages such as JavaScript with AJAX including the use of proxies, fuzzing, scripting, and attacking application logic.

Custom Scripting

The tester will develop custom tools (scripting) to exploit internal and external. Web Application Firewall evasion with custom programming techniques.

Reporting

Provide a detailed report of the attack vectors found, whether the assessor was able to gain elevated privileges, and recommendations for remediation.

  • Remediation is available on a time and materials basis
  • Provide Attestation as required
  • Includes follow-up scan of initial vulnerabilities found to validate remediation


Public Cloud Penetration Testing

Most companies do not configure the security of their public cloud hosted applications correctly. Whether you’re running serverless, containerized, or on Infrastructure as a Service, Redhawk will put your security to the test. Redhawk’s team is uniquely skilled to test your applications hosted in the public cloud and help you reduce your attack surface and improve your security.


Copyright © 2020 STN Inc. All Rights Reserved.