Our Penetration Testing Process
Our penetration testing process is built upon industry-leading methodologies and testing procedures to provide the most thorough evaluation of your environment. Your security engagement is our top priority and primary focus.
Planning
The planning stage includes all the pre-engagement activities needed to conduct the security assessment. Our expert team ensures that each client has a clear understanding of the timeframe, scope, and path to remediation on every engagement.
- Security needs are evaluated
- Rules of engagement are established
- Process and testing procedures are reviewed
Information Gathering
Information gathering is the next foundational step that results in a successful penetration test. Our team gathers varying degrees of information about your organization and attempts to identify critical information to uncover vulnerabilities and entry points within your environment.
- Advanced open-source intelligence gathering
- Scanning and enumeration
- Identifying protection mechanisms
Vulnerability Analysis
During the vulnerability analysis phase, our team identifies targets and maps out potential attack vectors. Any information gathered during the information gathering phase is processed to develop methods of attack during the penetration test.
- Research information gathering data
- Build and strategize attack paths
- Identify exploitability of vulnerabilities
Exploitation
With a map of all possible vulnerabilities and entry points, our consultants focus solely on establishing access to systems or resources by bypassing security controls. The goal is to determine exactly how an attacker could gain access to your environment, what data could be reached, and how detection could be avoided.
- Network, application, and wireless-based attacks
- Validate vulnerabilities through exploitation
- Bypassing security mechanisms
Reporting
Reporting is often regarded as the most critical aspect of a penetration test. The findings and detailed explanations for each vulnerability identified are documented in a usable report format. Each identified vulnerability includes a security risk score with clearly stated remediation steps.
- Identified vulnerabilities are well documented
- Workable report is created
- Comprehensible path to remediation
Remediation
Within a reasonable period following the conclusion of a penetration test, remediation of identified vulnerabilities begins. The duration needed to implement recommendations and corrective actions to mitigate identified vulnerabilities varies based on the complexity of the required tasks. The goal of remediation is to ensure that the solutions that have been put in place have resolved identified security issues.
- Remediate identified vulnerabilities
- Validating remediation efforts
- Discuss future strategy
