Penetration testing provides insight into quantitative security like few other activities can.
While there are very good reasons for statistical approaches to quantifying risk (such as cost-effectiveness!), penetration testing can inform on actual vulnerabilities by leveraging the same tactics, tools and techniques used by threat actors and provide those results directly to the folks who can fix them.
We guarantee the trustworthiness of our people and make every effort to treat your data responsibly (end-to-end encryption, two factor authentication, principal of least privilege, etc.)
Because of the extensive experience of our consultants, we are able to work through your target environment thoroughly and efficiently.
Our deliverables are clean and communicate well. We offer, as a standard component of every engagement, interactive sessions with our consultants to explain findings and recommendations to the satisfaction of your technical teams.
Web applications are critical to businesses, non-profits, NGOs and governments. So many of the ways our lives are streamlined and enriched today are the result of well-crafted web apps. For instance, the ability to order toilet paper on Amazon or even conveniently pay your property taxes and medical bills is the result of web technology.
Web application engineers, system and network administrators, however, are largely driven to create functionality in the shortest possible time frame. Despite their best intentions, they can sometimes miss how functionality can be abused by ill-intentioned individuals to harm the organization. Examples of such abuse abound and include two of the more famous data breaches of the last five years: the Panama Papers Breach and the Equifax breach.
Our web application assessments fall into three categories:
These assessments are conducted with full knowledge and participation from the web application, systems, and network engineers of the customer. TVG comes alongside to review the network, system and security architecture, source code, and final product. Assessment results are shared upon confirmation of an issue while recommendations are communicated early and documented for all to see. This is, by far, the best approach to application assessments and provides the most value to the customer.
In this case, the customer shares basic (e.g. lowest privilege level) login information for each major business function of the website, but does not share source code, system,or network architecture information. These tests are often used to assess the security posture of an application written by a third party. They can help quantify risk for the customer and, in many cases, broker conversations with the application author.
As the name suggests, in this case, TVG is presented with a website address (via the engagement waiver) and no other information. There are various reasons why this type of assessment is used that often involve such non-technical drivers as the realities of the client’s interdepartmental politics, etc
We will be happy to answer any additional questions you might have. Feel free to contact us anytime.
Network penetration assessments look at part or all of your company’s digital footprint from a ‘hacker’ perspective.
These tests typically include vulnerability scanning, web application penetration, system vulnerability exploits, and data gathering.
In other words, the same activities your environment probably experiences on a daily basis – but with the added advantage of your ability to benefit from knowing exactly where your organization is at risk.
Penetration attempts can be risky, whether performed illegally by a bad actor or proactively as a key element to your security strategy. At the Vizius Group, we have processes and procedures in place to make sure that our assessments are done in a responsible manner. From coordinating the activities with your team, agreeing on safety protocols and protecting the data we collect with strong encryption – we handle every engagement with due care.
Our penetration assessments are conducted by veterans of the industry. We have a body of mature processes to make sure that we provide a comprehensive engagement.
While no engagement can claim to cover every scenario, we work to provide the best possible overview of your externally facing security posture.
Every engagement provides clear and actionable intelligence. We are committed to providing every customer with all of the detail they need to understand the security posture of their organization and the specific steps required to improve it.
Certified: GCIH, GSEC, GMON
Education: BS – Chemistry, Clemson University, Completed PhD coursework in Quantum Theoretical Chemistry – Georgia Institute of Technology, Completed PhD coursework in Statistical Mechanical Theoretical Chemistry – Clemson University.
Areas of Focus: Secure Coding, statistical modeling, penetration testing, security architecture