|
A Penetration
Test, or Pen Test, is the process of actively testing your
organizations security measures by attempting to penetrate network
security using a variety of measures. It is, in essence, hacking
your organization in order to evaluate and harden the security
measures already in place.
What is tested?
A penetration test
will involve the systematic analysis of all the security measures in
place. A full project should include some or all of the following
areas, with the exact requirements usually being agreed in a formal
scoping document prior to commencing (this list is provided courtesy
of the OSSTMM):
- Network Security
- Network Surveying
- Port Scanning
- System
Identification
- Services
Identification
- Vulnerability
Research & Verification
- Application Testing
& Code Review
- Router Testing
- Firewall Testing
- Intrusion Detection
System Testing
- Trusted Systems
Testing
- Password Cracking
- Denial of Service
Testing
- Containment Measures
Testing
- Information Security
- Document Grinding
- Competitive
Intelligence Scouting
- Privacy Review
- Social Engineering
- Request Testing
- Guided Suggestion
Testing
- Trust Testing
- Wireless Security
- Wireless Networks
Testing
- Cordless
Communications Testing
- Alarm Response
Testing
- Location Review
- Environment Review
|
- Privacy Review
- Infrared Systems
Testing
- Communications
Security
- PBX Testing
- Voicemail Testing
- FAX review
- Modem Testing
- Physical Security
- Access Controls
Testing
- Perimeter Review
- Monitoring Review
 |
Deliverables
After the completion of a penetration test the deliverables will
included a detailed analysis of the methodology used to conduct the
test. The results of the various attempts at compromise as well as
detailed documentation on remediation of any security flaws found.
|
New York
° Washington, DC ° Tampa ° Los Angeles ° Chicago
Boston ° Miami ° Denver ° Albany ° San Francisco ° Los
Angeles
Phone 1-800-868-8189
phone 727-287-6000
FAX: 727-287-6011 |
|
Electronic Discovery