Introduction
A company can use different tools and methods to find the vulnerabilities in its IT infrastructure, but none of them can guarantee that hacker will use this or that particular entry. We take penetration testing seriously and go beyond just indicating vulnerabilities. We simulate realistic targeted attacks with combination of internal and external penetration tests.
We search for vulnerabilities, creating weaknesses in the corporate IT infrastructure security. To identify external and internal vulnerabilities we use automated tools and enhance them with manual hacking methods when necessary.
A penetration test, or a pentest for short, identifies weaknesses in the corporate network security and network infrastructure elements. It analyses external and internal threats and vulnerabilities with automated tools to check, if the penetration, including manual hacking methods, is possible.
Upon completion of penetration test its results will be presented in the detailed report including description of vulnerabilities, their criticality level assessment, and essential recommendations on their elimination.
Goals of Penetration Testing
- Conduct general testing of customer’s information security efficiency and meet compliance requirements for different standards and regulations such PCI DSS etc.
- Identify vulnerabilities and their exploits, especially, publicly available.
- Develop recommendations to eliminate vulnerabilities or minimize connected risks.
- Check if and how local network can be accessed from outside.
- Check if confidential information is available only for authorized users.
- Check if users can escalate their privileges without authorization.
Testing Process
Each our customer is offered an individual testing methodology and set of tools to be used. In vast majority of cases best industry practices, frameworks and tools such as NIST, OSSTMM, OWASP, Nessus, Burp Suite, Kali Linux utilities, will be used as a basis for pentesting.
Different testing models, Black, Grey and White, will be used as well. Mostly, we combine them to run thorough examination of the current information security posture of the customer. Starting from the outside attack on the customer’s public resources (Black Box), we continue our attack adding more information and access rights provided by the customer (Grey and White Box). These methods combined allow for compiling a comprehensive pentest report describing methodology, objects, vulnerabilities and their criticality levels, and last but not least, recommendations on elimination of vulnerabilities.
What You Get
Even if you are not under some compliance requirements, you just can not ignore information security threats today. Any serious incident damaging company’s reputation or compromising your clients’ data or safety can seriously harm your business.
Using Trilight Security penetration testing services you will be sure that your information security posture is tested by qualified and experienced specialists using modern methodologies and tools. You will have all necessary information and recommendations to reduce risks of information leaks and unauthorized access to sensitive information.
Get Sample Penetration Test Report by Us
Penetration testing is a new must for businesses of all sizes. We use different comprehensive tools, methodologies and models for pentesting. DOWNLOAD our penetration test report sample and learn more.