Penetration testing provides insight into quantitative security like few other activities can.
While there are very good reasons for statistical approaches to quantifying risk (such as cost-effectiveness!), penetration testing can inform on actual vulnerabilities by leveraging the same tactics, tools and techniques used by threat actors and provide those results directly to the folks who can fix them.
We guarantee the trustworthiness of our people and make every effort to treat your data responsibly (end-to-end encryption, two-factor authentication, principle of least privilege, etc.).
Because of the extensive experience of our consultants, we are able to work through your target environment thoroughly and efficiently.
Our deliverables are clean and communicate well. We offer, as a standard component of every engagement, interactive sessions with our consultants to explain findings and recommendations to the satisfaction of your technical teams.
Web applications are critical to businesses, non-profits, NGOs and governments. So many of the ways our lives are streamlined and enriched today are the result of well-crafted web apps. For instance, the ability to order toilet paper on Amazon or even conveniently pay your property taxes and medical bills is the result of web technology.
Web application engineers and system and network administrators, however, are largely driven to create functionality in the shortest possible time frame. Despite their best intentions, they can sometimes miss how functionality can be abused by ill-intentioned individuals to harm the organization. Examples of such abuse abound and include two of the more famous data breaches of the last five years: the Panama Papers breach and the Equifax breach.
Our web application assessments fall into three categories:
Yes, these providers do have great security. They are, however, providing infrastructure akin to a well-crafted automobile. Think of your web application as the driver of that automobile. If it drives into a wall at 55 miles/hour, the results will be catastrophic.
The applications built on these excellent platforms host your company’s/customer’s data, confidential business processes, and competitive edge. If the application is vulnerable, the underlying platform that ensures its availability to authorized users will not differentiate; it will provide that same availability to unauthorized ones.
You may not. If your website serves primarily as an Internet-accessible brochure, you trust the maintainers to have good backups and you run regular scans to check for new vulnerabilities, then we wouldn’t recommend a security assessment.
If, however, your website provides some important business function, process automation, or customer service, then you probably do. This is why standards like PCI, HIPAA, COBIT, etc. require periodic security assessments. Web applications can be complex and typically involve multiple building blocks not authored by the application creator. With all these additional components and complexity comes inherent risk and an imperative to quantify that risk.
We will be happy to answer any additional questions you might have. Feel free to contact us anytime.
Network penetration assessments look at part or all of your company’s digital footprint from a ‘hacker’ perspective.
These tests typically include vulnerability scanning, web application penetration, system vulnerability exploits, and data gathering.
In other words, the same activities your environment probably experiences on a daily basis – but with the added advantage of your ability to benefit from knowing exactly where your organization is at risk.
Our penetration assessments are conducted by veterans of the industry. We have a body of mature processes to make sure that we provide a comprehensive engagement.
While no engagement can claim to cover every scenario, we work to provide the best possible overview of your externally facing security posture.