PENETRATION TESTING

Stop Cyber Attacks in their Tracks with Penetration Testing

The number of ways hackers have to break into your network and wreak havoc is multiplying and putting a significant burden on your IT’s ability to protect your business

GET A $1,000 CREDIT TOWARDS YOUR FIRST PENETRATION TEST

Your Business is Under Constant Threat

Hundreds of millions of records containing sensitive information are compromised monthly, putting your network, your devices, and your data under constant risk. What is worse, according to Inc. Magazine, 60% of organizations go out of business within six months of a cyber attack.

What is a Penetration Test?

Penetration testing, or pen testing, is an authorized simulated cyber attack on a computer system and network that is used to evaluate the security of a company’s IT.

The test is performed to identify both weaknesses or vulnerabilities, including the potential for unauthorized parties to gain access to systems and data. A penetration test can help determine whether a system is vulnerable to an attack, if the defenses in place are sufficient, and which defenses (if any) the test defeated.

How exposed are your systems?

If you answer NO to any of these questions – contact us today.

PEOPLE

Are they trained to recognize poor security practices?

Are they able to be bastions for the protection of your organization?

PROCESS

Do you have processes and procedures in place & documented?
Can you prove your processes to a Security Auditor?

TECHNOLOGY

Are you keeping up with the latest advances regarding security?
Is your infrastructure outdated? Can it be adequately maintained?

Know your exposure, prevent attacks.

SCHEDULE YOUR PENETRATION TEST

Internal and External

Penetration Testing Approach

SCAN AND ENUMERATE TARGETS

Perform external vulnerability scan
Perform internal vulnerability scan (utilizes STN’s SecureSensor Appliance)
Determine possible attack vectors

LEVERAGE ATTACK VECTORS

Exploit to gain elevated privileges
Network surveying, port scanning, system identification, services identification
Vulnerability exploitation
Password cracking
Manually validate scan data and exploit vulnerabilities with manual and automated tools
Network surveying, port scanning, system identification, services identification.

DETAILED REPORTING

Provide a detailed report of the attack vectors found and a report if the assessor was able to gain elevated privileges and recommendations for remediation.

Remediation is available on a time and materials basis
Provide Attestation as required
Includes follow-up scan of initial vulnerabilities found to validate remediation efforts

Web and Mobile Application Penetration Testing

The tester will conduct discovery, exploration and investigation of the web site and web application features such as port scanning, identifying services and configurations, spidering, application flow charting and session analysis.

Application Penetration test is performed from the perspective of Authenticated user.

SCHEDULE YOUR PENETRATION TEST

Cross Site Request Forgery, Cross Site Scripting and Client Injection Attack

The tester will attempt to exploit the web application for Cross Site Request Forgery, Cross Site Scripting and Client Injection attacks using automated tools and custom techniques to discover and exploit vulnerabilities.

Web Application Authentication Attacks

The tester will develop custom tools (scripting) to enumerate users and bypass and exploit weak authentication.

Web Application Configuration Testing

The tester will use automated programs and custom scripting to identify flaws in the design or implementation in the configuration of the web site.

Web Application Overview

The tester will attempt to exploit the web application for the technologies, programming languages and structures that are involved in the construction and implementation of the web site such as HTTP, HTTPS and AJAX within the context of security, vulnerabilities and basic operation.

Web Application Session Management

The tester will attempt to discover how the web application manages client sessions, tracks user activity and uses SSL/TLS in its web communications and demonstrate attacks that can be leveraged against flaws in session state.

Web Application SQL Injection Attacks

The tester will utilize tools and techniques required to perform web application security testing on web-based languages such as JavaScript with AJAX including the use of proxies, fuzzing, scripting, and attacking application logic.

Custom Scripting

The tester will develop custom tools (scripting) to exploit internal and external. Web Application Firewall evasion with custom programming techniques.

Reporting

Provide a detailed report of the attack vectors found and a report if the assessor was able to gain elevated privileges and recommendations for remediation.

Remediation is available on a time and materials basis
Provide Attestation as required
Includes follow-up scan of initial vulnerabilities found to validate remediation

You cannot be confident about the implementation of your security controls without testing them first and the best way to test your security controls is to simulate what the bad guys would do to evade or circumvent your security controls.

Chris Akenson, CISO, STN

Get Secure Today

The best way to evaluate the risks of system misconfigurations based on the results of a simulated attack.

SCHEDULE YOUR PENETRATION TEST

Public Cloud Penetration Testing

Most companies do not configure the security of their public cloud hosted applications correctly. Whether you’re running serverless, containerized, or on Infrastructure as a Service, STN will put your security to the test. STN’s team is uniquely skilled to test your applications hosted in the public cloud and help you reduce your attack surface and improve your security.

MAKE SURE YOUR CLOUD IS SECURE