What is penetration testing?

Penetration Testing is a mock cyber-attack on your organization's IT infrastructure. Penetration tests help your business assess risk and get a good understanding of your current security posture. Our security experts tailor each penetration test to the specific needs and goals of your organization.

We believe that one of the root causes of data breaches are vulnerabilities. When a client wants a penetration test, we come in as a malicious attacker and attempt to exploit weaknesses in their IT infrastructure. We use real-world methodologies to discover, exploit and document vulnerabilities so the client can have an advantage against malicious attackers.

What kind of penetration testing services do we offer?

Network Penetration Testing

Is your network protected from eavesdroppers and attackers? Let's put it to the test!

We will act as a hacker who wants to find security flaws in the services you host. Our security experts can tell you what your vulnerabilities are, and how an attacker will exploit them.

Web App Testing

Do you have a new web application that's ready for production? We can help!

We will pose as a malicious attacker that wants to break into your web app. We'll provide the details on any risks, threats and vulnerabilities that affect your application so you can ensure your application is ready for production!

What if I just want to know my vulnerabilities?

We understand that you may not want a full scale penetration test! Not to worry, because we also offer comprehensive Vulnerability Assessments! Rest assured that our security experts will find the vulnerabilities on your IT infrastructure and bring them to light!

What type of penetration test is best for your organization?

How Realistic is a Penetration Test?

We perform penetration tests in three distinct ways, with each having their own levels of realism.

We test with as much information from the client as possible. This is the least realistic option, so this method is for those who need a comprehensive, detailed look at their current security posture. White-Box testing works well for compliance and general understanding of your vulnerabilities.

We test your network Data such as Network Diagrams, Server Host-names and logins are optional. You may give us one or two servers, but the rest must be enumerated through reconnaissance. This provides a good balance between realistic hacking and white-box testing.

The most realistic form of penetration testing. We test from the perspective of a real-life hacker. You give us no information, and we start our testing by finding as many hosts as possible. All hosts that we enumerate will be sent back to the client for verification of ownership before we start our testing.

Types of Network Tests

External Penetration Test

The most traditional form of penetration testing. We will enumerate all externally addressable hosts owned by your company and attempt to break into them. Our goal with external testing is to find all the ways a real attacker would be able to compromise your external servers and devices.

Internal Penetration Test

We do our testing from the perspective of an internal user. This could be an attacker who broke in, or an employee. We will look for the most sensitive vulnerabilities, big or small, that could potentially damage the organizations cyber infrastructure.