Penetration Test aka Pen Test
Dedicated to the endgame - protecting your organization. Experienced and certified engineers will target your network just like an attacker would – with hacking techniques to gain unauthorized access. The goal is to find, verify, and document gaps in your security so you can proactively remediate them before they are exploited by an attacker. This provides valuable insight into your security posture, allowing you to:
- Comply with security regulations, such as HIPAA, PCI, SOX, GDPR, etc.
- Find and remediate vulnerabilities before they are found by attacker
- Meet contractual requirements covering data security
- Secure new applications and systems before wide deployment
- Demonstrate best practices – regular testing is part of a robust security program
- Rest easy knowing skilled “white hats” interrogated your systems
Custom tools, commercial scanners, and an extensive library of code written by Webfargo engineers are all used during a penetration test. This is important - a commercial scanner alone will not identify many of the vulnerabilities in today's custom software. Experienced pen testers have mountains of code they compile over time.
Communication is key with penetration tests. Starting with project definition and expectations all the way through testing, it is imperative to have effective communication. Reports from Webfargo contain details about the testing as well as remediation steps written in clear English so that you can remediate vulnerabilities as efficient as possible.
Penetration Test versus Vulnerability Assessment:
Penetration tests and vulnerability assessments are sometimes used interchangeably, however it is important to know the differences. A true penetration test is exploitative, meaning once a vulnerability is found that vulnerability is exploited to gain system access. Vulnerability assessments follow a stricter methodology performing a number of steps and documenting each potential vulnerability without actually exploiting the vulnerabilities.
Designed to meet each customer’s specific security needs, our methodology revolves around techniques commonly employed by attackers, including:
- Discovery and information gathering
- Attack surface identification
- Determine OS, applications and versions of each
- Test for broken authentication
- Gaining access and privilege escalation
- Account traversal
- Pivot between hosts
- Attempt to access files, databases
- Web application/SQL injection testing
- Wireless hacking
- Phishing testing
- Document all efforts and discoveries
Penetration tests can be used as a standalone service or combined with a cybersecurity audit or vulnerability assessment as part of a more extensive security review. Our experts will take the time to understand your goals and budget so you have confidence the project will meet or exceed your business and technical objectives.