ON-DEMAND PENTEST

Your team can proactively test your internal and external security controls and assess your infrastructure for vulnerabilities and weaknesses that can be used to compromise and gain unauthorized access to your environment by conducting a self-managed penetration test using a comprehensive security scanning solution with the latest threat intelligence. A series of real world attack simulations will be performed against the assets that you configure within the solution and any identified risks or vulnerabilities will be highlighted in a detailed vulnerability report with remediation guidance. Your team can then work to resolve the findings and then rescan your infrastructure to confirm that any identified security risks and vulnerabilities have been addressed. Once the assets are secured from all known high and medium vulnerabilities a certified pass report can be accessed and used to meet your audit, regulatory and compliance requirements.

Our battery of security management benchmarks are rigorous and uncompromising. Some of the high level analysis and performance evaluation stages that are conducted by the OnDemand Penetration testing include the following:

• Reconnaissance encompasses passive and active reconnaissance tactics to identify and evaluate your network topology, active hosts, IP addresses, installed operating systems, open network ports, and all installed security devices.
• Analysis entails performing application mapping, network scanning/fuzzing, and vulnerability analysis. It effectively identifies all applications running behind open network ports and their degree of potential vulnerability The Analysis stage typically involves running SQL Injection, Code Injection, Code Execution, Directory Traversal, and Cross Site Scripting against the web applications to expose any security anomalies.
• Penetration employs the data derived from the Analysis stage to exploit the determined weak points of your network to attempt to gain access. Typically, the Penetration phase focuses primarily on vulnerabilities revealed for network services and externally facing web applications.
• Information. This phase generates alerts once a vulnerability has been successfully exploited. A system restore is immediately performed to return the network to its previous state prior to the intrusion. A detailed report is generated on all areas of your enterprise for assessing how and why the intrusion was successful.
• Finally, the Documentation phase reflects all testing results, all intrusions, the areas of the system that were compromised during an intrusion, intrusion-resistance recommendations, and qualitative analysis reports of each security mechanism employed on your network.