Products and Services

Penetration Tests

TruShield's Penetration Testing services differ from our vulnerability assessment services in that our certified experts in Ethical Hacking actually attempt to exploit the vulnerabilities to determine what information is exposed. Almost all regulations, including GLBA, NCUA, FFIEC, HIPAA and PCI, require or recommend independent penetration testing, not just because it is good practice, but because it is often the only safe way to determine what vulnerabilities an attacker is truly able to exploit.

Standard Penetration Test (Internal and External)

The main objective of our comprehensive Penetration Test is to discover any vulnerability in system implementation that an attacker can actually exploit to gain entry to our client's systems. Our Penetration Test requires the bare minimum information about the environment, usually just the IP addresses of the systems to be tested. Our security experts are at the forefront of new exploit research and discovery and work from the perspective of a potential attacker by identifying the highest value targets and systematically working across all attack vectors to highlight your organization's most critical risks. The testing is performed using a penetration testing tool kit which includes many of the most popular commercial and open source hacking tools. Due to the specialized skillset required for this type of assessment, penetration testing must be performed by highly trained and experienced security engineers. The results of a penetration test will be free of false positives and false negatives - TruShield will highlight only those vulnerabilities we were actually able to exploit. Our report will include very specific instructions on closing any holes in your external-facing networks.

We can also perform additional types of penetration testing: testing of internal network interconnections; discovery and assessment of unauthorized wireless networks; and social engineering techniques to gauge the efficacy of your security awareness training program. An Internal Penetration Test mimics the actions of a malicious insider exploiting weaknesses in network security without the usual dangers.

Application Penetration Test

Our Application-level penetration testing applies to websites, web applications, thick client applications, mobile applications and software appliances. Through testing and code analysis, we can discover a broad range of application vulnerabilities, including Buffer Overflows, Cross Site Scripting, Cross Site Request Forgery, SQL Injection, Code Injection, Information Remanence and Disclosure, and Privilege Escalation. As part of our services, we also recommend strategies and techniques to correct the problems we discover, including code modification, policy development and enforcement, and implementation of a Security Development Lifecycle.

Methodology

  • Manual Vulnerability Testing and Verification
  • Firewall and ACL Testing
  • Intrusion Detection/Prevention System Testing
  • Password Aging and Strength Testing
  • External Network Scan for Known Trojan/Hacker Ports
  • Internal Network Scan for Known Trojan/Hacker Ports
  • Remediation Retesting to ensure implementation of recommended controls
  • Manual Configuration Weakness Testing and Verification
  • Application Layer Testing
  • User Rights Testing
  • Network Equipment Security Controls Testing
  • Database Security Controls Testing