Penetration Testing
MethodologyHackers seeking to compromise your data do not utilize commercial scanners that cost tens or hundreds of thousands of dollars. Our unique penetration testing methodology uses only manual and script-targeted attacks to identify weaknesses in perimeter or internal security.
Critical Assets tests commonly known vulnerabilities, various iterations and patch levels of those vulnerabilities, as well as common misconfigurations. This approach will better align your organization for other technical controls which are required during the process of complying with various standards, such as PCI-DSS - providing a framework for measured response. The Payment Card Industry Data Security Standard mandates that organizations who handle cardholder data must perform external, internal, and web application penetration testing, specifically:
- 6.6 - For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by reviewing public-facing web applications via manual or automated application vulnerability security assessment tools.
- 11.3 Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a subnetwork added to the environment, or a web server added to the environment).