Penetration Testing & Vulnerability Assessment
A penetration test mainly consists of a VA, but it goes one step further. A penetration test is the process of actively evaluating your information security measures by simulating an attack by a malicious hacker.
The results of the assessment will then be documented in a report, which should be presented at a debriefing session, where questions can be answered and corrective strategies can be freely discussed.
Why conduct a penetration test?
From a business perspective, penetration testing helps safeguard your organization against failure, through:
· Preventing financial loss through fraud (hackers, extortionists and disgruntled employees) or through lost revenue due to unreliable business systems and processes.
· Proving due diligence and compliance to your industry regulators, customers and shareholders. Non-compliance can result in your organization losing business, receiving heavy fines, gathering bad PR or ultimately failing. At a personal level it can also mean the loss of your job, prosecution and sometimes even imprisonment.
· Protecting your brand by avoiding loss of consumer confidence and business reputation.
From an operational perspective, penetration testing helps shape information security strategy through:
· Identifying vulnerabilities and quantifying their impact and likelihood so that they can be managed proactively; budget can be allocated and corrective measures implemented.
What can be tested?
All parts of the way that the organization captures, stores and processes information can be assessed; the systems that the information is stored in, the transmission channels that transport it, and the processes and personnel that manage it. Examples of areas that are commonly tested are:
· Off-the-shelf products (operating systems, applications, databases, networking equipment etc.)
· Bespoke development (dynamic web sites, in-house applications etc.)
· Telephony (war-dialing, remote access etc.)
· Wireless (WIFI, Bluetooth, IR, GSM, RFID etc.)
· Personnel (screening process, social engineering etc.)
· Physical (access controls, dumpster diving etc.)
We offer an in-depth, comprehensive penetration testing service that evaluates your systems from an external (or internal) perspective. Our penetration testing service employs a combination of proprietary and public domain tools that monitor for and alert on old as well as recently released vulnerabilities and custom attacks. Using our Security Defense Appliance, we are able to execute scans on Internet-facing perimeter devices as well as the DMZs or internal networks. All scan results are made available via our secure, 24x7x365 web-based Client Resource Portal. The benefits of the penetration testing service include simple-to-deploy, quick, cost-effective and scalable solutions conducted by experienced security professionals.
Vulnerability Assessment
Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. A vulnerability assessment is what most companies generally do, as the systems they are testing are live production systems and can’t afford to be disrupted by active exploits which might crash the system.
E2-Labs Vulnerability Assessment provides an in-depth view of the vulnerabilities in networks and systems through the use of more advanced manual techniques. The network is mapped out, simulating a hacker’s attack, to list and patch the areas that are vulnerable. Our VA Team reviews the automated scan results to filter out false positives and to develop and perform specific manual tests for obscure and emerging vulnerabilities, which may have escaped detection via automated testing. This combination of automated and human effort ensures an optimal blend of speed and accuracy with quality results.








