Keeping The Bad Guys Out
Penetration Testing determines how well your organization’s security policies protect your assets by trying to gain access to your network and information assets in the same way a hacker would. Tests can range from an overview of the security environment to attempted “hacking” with the intent of obtaining investigative information.
TBG Security’s penetration testing services mimic an attacker intent on accessing your organization’s customer data, financial records and other sensitive information. We target a point of entry via your network or application infrastructure’s “weakest link”, which may be visible to employees and partners in addition to external hackers. We then determine the business impact of gaining access to your network and its resources. For each engagement, we work with you to define the attack profiles most appropriate for your organization.
Our penetration tests will reveal:
- How difficult it is to obtain data from outside of the network
- Which information is at risk
- What measures should be implemented to protect your assets
- Network Security Penetration Testing
TBG Security offers comprehensive penetration testing to secure your information assets from attackers both inside and outside your network. A critical complement to vulnerability scanning, penetration testing proves the extent to which vulnerabilities can be exploited.
- Anticipate external attacks
External testing services replicate the kinds of access an intruder could achieve from outside your network, identifying actual attack paths that must be eliminated and providing you with a remediation plan. We not only target servers, but also perform client-side attacks to exploit vulnerabilities found on employee workstations.
- Identify security threats from the inside out
Internal testing services emulate the type of access a person with network privileges could obtain via weaknesses in internal systems. Launching attacks from any network location, we utilize low-security workstations to gain control over other workstations with increasing levels of access. We then attempt to escalate our privileges to those of a system administrator with access to sensitive or confidential data.
- Application Penetration Testing
Application penetration testing uses a three-step process to exploit your application either via authorized access or by compromising access control mechanisms:
- Identify security weaknesses resulting from implementation errors or from the application’s relationship to rest of your IT infrastructure.
- Perform tests on the application’s built-in security measures.
- Log in as a low-level user and obtain unauthorized access rights and privileges.
- At a minimum, we test for the following issues: cross-site scripting, SQL injection, XML injection, path traversal and response splitting.
TBG Security penetration testing services are conducted by experts with extensive testing experience. TBG Security consultants deliver a safe, quality service using manual penetration and automated testing techniques to identify vulnerabilities.
As one of the most experienced security vendors, TBG Security consultants use proven methods that are based on ISO 17799 best security practices and supported by intelligence derived from the TBG Security team.