Penetration Testing FAQ
Penetration Testing includes attempting to actively access your system, documenting that process and then assisting your business in defining a preventative plan to prevent future attacks to your enterprise environment. By analyzing your security measures for technical flaws, design weaknesses and vulnerabilities, and by identifying those gaps in security we can deliver a comprehensive report that provides the next best approach for your organization to take to avoid a data breach. Penetration Testing is sometimes referred to as network penetration testing, web penetration test, application penetration test, ethical hacking, black box testing, white box testing or white hat testing. Our certified CISSPs provide the best and most extensive penetration testing services to help secure your business.
PCI-DSS, the Payment Card Industry Data Security Standard, is a standard set forth by the PCI DSS Council that is required for any service provider or merchant dealing with credit card transactions. PCI Scanning has been introduced to prevent credit card fraud and reduce the risk of data exposure. Penetration tests are required by the PCI-DSS for service providers or merchants with a high volume of credit card transactions. Review our PCI FAQ to see whether your organization is required to perform penetration testing. Other regulatory frameworks also require frequent penetration testing, such as SOX, GLBA/FFIEC, HIPAA, FISMA, and NERC. Industry best practices also warrant regular penetration testing to ensure that computing components aren’t vulnerable to internal or external threats.
One working day is all it takes to begin the process of securing your business while adhering to your regulatory requirements. Once your request for a quote is received, we’ll contact you to schedule an online demonstration. For urgent, last-minute requests, you can also order an online self-serve On-Demand Pentest and begin your penetration test shortly after your purchase. Although this penetration test is not run by a CISSP, it can serve as an indicator to your regulatory committee that you are on the correct path towards discovering vulnerabilities and addressing them.
We require about one week of lead time, but we have honored last-minute requests that were reasonable to execute (small network footprint, few applications, etc.). We do our best to accommodate your network security needs with our onsite team of CISSPs. If you’re under a tight deadline and absolutely need same-day service, you can subscribe to our On-Demand Pentest and perform a self-serve Penetration Test.
Depending on the size and depth of your penetration testing requirements, the test can take between 1 and 10 business days to schedule. We make every effort to provide information and a schedule to you well in advance. Keep in mind that you will also need to coordinate resources and personnel on your end to ensure that the penetration testing occurs without any hitches.
Although every effort is taken to ensure that our penetration testing is not disruptive, there are instances that warrant additional attention. Some older servers, operating systems, or software that hasn’t been properly patched may freeze up during the testing procedure. We coordinate our efforts according to your schedule and can accommodate testing after peak hours or run a varied and flexible testing schedule. It’s always best to have a member of your team able to readily access mission-critical servers while the penetration testing is in progress. It’s best to discover and eliminate any weaknesses during the penetration test, rather than ignore the situation and allow a malicious user to gain access and disrupt service.
Absolutely, yes. The final report defines how to correct all the security gaps discovered by our thorough test and evaluations. If your organization needs to make any changes in logic, or if additional settings are required, our report will tell you. With our analysis report, your developer can implement any code changes and your system administrator can change any settings. Our report shows any security weaknesses and guides you to efficiently correct them and maintain regulatory compliance. With this method, your developers can test the fixes themselves before we initiate our second test to make absolutely certain your site is secure and all issues have been resolved.
Sure. We’ll work all year long to properly secure your business network. Since no website or application is static, we can provide you the support and guidance you need under rapid advances or changes to your system. New security threats are being identified all the time, and your organization’s application security measures need to be examined to fully protect the way you do business today. Testing more frequently is a requirement under some regulatory conditions, and we can accommodate any schedule of testing you need, whether monthly, quarterly, or semi-annually. Many of our clients perform their quarterly testing with us, but of course it’s your choice, and we’re here to meet the needs of your business, not ours.
Our experienced CISSP personnel perform a complete security examination and analysis to uncover security gaps that no tool by itself can find. Our tests combine the efficiency of automation with the accuracy and depth that can only be provided by an intelligent, experienced and certified Security Engineer. That means that our results are far more accurate and detailed than any software product can achieve. Also, your CISSP may perform additional penetration testing at varying levels of depth and frequency, according to your system’s specifications. Other penetration tests that aren’t applicable or might trigger an unwanted event (such as a server reboot) may be omitted from the procedure if the CISSP decides they are too risky or not appropriate. Although it’s one of the most powerful engines, our On-Demand Pentest can’t replace our qualified in-house CISSPs.
Our list of tools is extensive, and includes enterprise, proprietary in-house Clone Guard® and open source tools. Some of the tools we utilize fall under the following categories: Access Control Tools, Cryptography Tools, DNS Tools, Fingerprint/OS Detection Tools, Firewall Tools, Hijacking Tools, HTML Tools, IDS Tools, NetBIOS Tools, Novell Tools, Windows-Specific Tools, Password Cracker Tools, Packet Capture Tools, Phone Tools, Discovery Tools, Promiscuous Mode Detection Tools, Port Scanners, Rootkits, Sniffers, Steganography Tools, VPN/Tunneling Tools, Vulnerability Scanners, Password Word Lists, and Exploitation Tools.
We’ve tested thousands of applications, and our vast experience and commitment to service allow us to support the following industries:
Banking, Insurance, Securities Brokerage, Investment Banking, Securities Trading, Investment Management, Securities Analysis, Financial Planning, eCommerce, Payment Gateway, Billing Systems, Pharmaceutical R&D, Pharmaceutical API, Pharmaceutical Drug Delivery, Food Wholesale, Online Gaming, Medical and Healthcare, B2B Software, Chemical R&D, Credit Services, and many more.