Do You Think Your Assets Are Secure?
Penetration testing consists of a detailed and proven methodology which focuses on target identification, foot printing, and server and service vulnerability identification. The focus of this evaluation is to take a “hackers eye view” of your infrastructure. We perform detailed port and vulnerability scanning and build upon our findings from these tests by adding specific tools and techniques based on our findings. We use different tools based on what services are found to be within our target of evaluation. The tools we use are the same ones that the bad guys use, and performing this sort of test helps to better determine the risk posture of your front door.
TBG Security believes in a phased approach to vulnerability management and penetration testing. We have perfected our methodology over many years and have come up with this approach which if flexible yet comprehensive.
Detailed Penetration Testing tasks include:
- Targeting / Foot printing – we begin by identifying hosts to be included in our target of evaluation. Sometimes this information is provided upfront; other times we must use technical means to discern the addresses of live hosts to test.
- Enumerate – Once we have a detailed list of targets, we will port scan them to identify available services on each target.
- Vulnerability scanning – we then feed results from the enumeration step into our commercial vulnerability scanner and perform automated an automated vulnerability assessment with no impact to the operating environment where the targets are housed.
- Penetration testing – At this point, we perform automated and manual penetration testing. We’ll leverage information already gleamed through the vulnerability scans, our operational knowledge of the environment we are working in, common manual hacking techniques and the use of many additional tools (both open source and commercial) to attempt actual exploitation of known or perceived vulnerabilities.
- Detailed application testing – Optionally, we can perform a deep-dive penetration test against individual applications where added diligence is warranted or required. An application penetration test takes a more detailed look at the systems, architecture, and workflow of the application being tested..
For more information on how TBG Security can fill your CISO needs contact our Compliance Practice Manager or call us directly at 877.233.6651 ext 704.