Knowledge without sacrifice.

Services

High Rigor Penetration Testing
Medium Rigor Penetration Testing
Vulnerability Assessment
Host(s)
Application(s)
Solution(s)
Network(s) Wired and/or Wireless
Company
Other Consultation


Services Details

High Rigor Penetration Testing

Solution(s): Target solutions for high rigor penetration testing can include all hosts and associated applications within a solution for a given target. The solution can be web based, a mobile application and associated services, a client server application, etc. An example could include a web front end, application and database server. This can be thought of as a combination of a network (as it relates to the target devices), host and application level penetration test that encompasses the entirety of the attack surface.

As a result of the amount of time required to conduct an assessment for a solution, high rigor penetration testing against a solution will have a longer duration than a medium rigor penetration test of the same solution. The intent is to provide you, the client, with more options for the depth of analysis weighed against the cost of execution for security assessments.

The results of this type of engagement will include a combination of automated scanning and manual analysis. The majority of the time will be spent in the manual analysis of network communications (as it relates to target devices), hosts, and associated applications to attack the solution from all angles. The success of this engagement will be in the combination of views during execution against the solution, i.e. an external view of the solution, an internal view of the solution, as well as unauthenticated and authenticated views. This will ensure full coverage and visibility, which will translate into a higher probability of discovering more security gaps.

Network(s) Wired and/or Wireless: Target networks for high rigor penetration testing can include a representative subset of IT infrastructure, hosts and associated applications within a given network (which can include wireless IT infrastructure) for a given data center, network provider, or company. One example is penetration testing of a DMZ, where the selected targets would include firewalls, switches, appliances, servers, etc., and where findings from those targets could be used to implicate issues throughout the organization. Another example is the wireless IT infrastructure and an associated subset of the available infrastructure (representative of the environment), treating the wireless access point as a pivot. A final example favors breadth over depth: testing a network's functional and security devices and associated controls (DNS, proxy, remote access, e-mail, etc.) on a smaller scale, again using a subset that is representative of the environment.

One of the main points in ensuring that this is the proper assessment is the choice of targets and the associated hardening throughout the target environment. The more implications that can be drawn from the chosen test targets, the more value can be attributed to the security assessment.

The results of this type of engagement will include a combination of automated scanning and manual analysis. The majority of the time will be spent in the manual analysis of network communications, IT infrastructure, hosts, and associated applications to attack the network from all angles. The success of this engagement will be in the combination of views during execution against the solution, i.e. an external view of the solution, an internal view of the solution, as well as unauthenticated and authenticated views. This will ensure full coverage and visibility, which will translate into a higher probability of discovering more security gaps. The difference between a solution penetration test and a network penetration test is that a solution is bounded by the exact IP addresses of its targets, whereas the network level would include pivots to other IT infrastructure, with the goal of illustrating the extent of infiltration in the network and the information obtainable from the environment.

Company: This assessment can be thought of as a high rigor penetration test against a network or solution with a company’s external presence added for discovery, analysis and inclusion in all phases of penetration testing. This type of assessment should be considered by companies concerned with leakage of sensitive information in social media, technical blogs, search engines, archiving services, etc. Also to be considered for scope in understanding presence are activists who may be targeting a company for advanced persistent threat (APT) with the following goals: intellectual property theft, brand tarnishing and/or asset defacement (websites), or financially damaging activities. The final perspective is one of open source intelligence gathering, utilizing search engines to understand the ease with which information can be obtained for exploitation against a company using readily available and known avenues of discovery.

The results of this type of engagement will mirror those of the chosen high rigor network or solution penetration test but, as mentioned previously, will also include analysis and reporting of the external presence of a company as it relates to the internet at large.

Medium Rigor Penetration Testing

Application(s): Target applications for medium rigor penetration testing can include web applications where the primary concern is the security of the application itself, and where the host and potential security devices and/or controls are not relevant to the target test environment. This is ideal for a security assessment where the target environment is not a mirror of production for hosting, process, and/or controls in code versioning, patching and maintenance, etc.

In this assessment, automated web application scanning will be a starting point; manual analysis of a representation of all functionality within the application will only be partially directed by the results of the automated scanning.

An application based medium rigor penetration test can be thought of as a focused and manual security assessment of the application.

The result would be a report created primarily by manual testing and analysis, with automated scanning results included to ensure full coverage and depth.

Solution(s): Target solutions for medium rigor penetration testing can include all hosts and associated applications within a solution for a given web application. An example could include a web front end, application and database server. This can be thought of as a combination of a host based vulnerability assessment and an application based penetration test.

As a result of the amount of time required to conduct an assessment for a solution, medium rigor penetration testing against a solution will have a shorter duration than a high rigor penetration test of the same solution. The intent is to provide you, the client, with more options for pricing and associated services.

The results of this type of engagement will include a combination of automated scanning and manual analysis. The majority of the time spent will be manual analysis to find themes within the application's functionality to test for better coverage within a limited window.

Vulnerability Assessment

Host(s): Target hosts for Vulnerability Assessments can include network and security infrastructure, server and client operating systems and associated applications. The larger portion of the scanning efforts can be executed in an automated authenticated or unauthenticated manner or both to provide the desired view of the security of the target devices or to maximize visibility and remediation and/or mitigation of found security gaps. Manual scanning and analysis will be done to augment any gaps identified in the automated portions of the scanning effort.

An infrastructure based vulnerability assessment can be thought of as a general health assessment of patching and configuration including network layer components, operating system hardening, and common application patching and configuration.

The result would be a report created primarily by automated scanning and analysis, with manual intervention where necessary to provide a human contextual/intelligent view and to ensure full coverage and depth.

Application(s): Target applications for Vulnerability Assessments can include web applications where the primary concern is in finding themes of problem areas in the application that can be discovered with guided and intelligent automated scanning and subsequent analysis. The larger portion of the scanning efforts can be executed in an automated authenticated (if applicable) or unauthenticated manner or both (if applicable) to provide the desired view of the security of the target devices or to maximize visibility and remediation and/or mitigation of found security gaps. Manual scanning and analysis will be done to augment any gaps identified in the automated portions of the scanning effort.

An application based vulnerability assessment can be thought of as a dynamic general health assessment of the application and its security profile.

The result would be a report created primarily by automated scanning and analysis, with manual intervention where necessary to provide a human contextual/intelligent view and to ensure full coverage and depth.