Penetration Testing

There's nothing like the real thing; a penetration test is as real as it gets. Like a vulnerability assessment, a penetration test validates host and network configurations to produce a list of known vulnerabilities on in-scope systems. However, a penetration test goes a step further by mimicking a real-world attack, exploiting vulnerabilities to gain access to your email systems, firewalls, routers, VPN tunnels, web servers, and other devices.

With our penetration testing, our security experts identify the information assets at risk. You will receive a prioritized list of actionable items to address. Depending on your maturity, our testing services help address your security while meeting all compliance requirements.

How Penetration Testing Works

A technical network security assessment is designed to identify critical flaws in your network that an attacker could exploit. Testing may include any networked device, including firewalls, routers or other network infrastructure devices; intrusion detection and prevention systems; web servers; email systems; virtual private networking (VPN) systems; etc. We will use a combination of automated and manual scanning with commercial and publicly available tools, as well as custom scripts and applications that we have developed.

The types of vulnerabilities typically detected by this testing include:

  • Microsoft Windows, Linux and Unix operating system vulnerabilities and patches
  • Known and published host application and service vulnerabilities, such as Apache, Microsoft Internet Information Services (IIS), IBM WebSphere, etc.
  • Simple Mail Transfer Protocol (SMTP) email servers
  • Remote access services, such as SSH, Telnet, RDP
  • Other servers, such as NTP, FTP, SSL wrappers, etc.
  • Network device vulnerabilities, such as firewalls, VPNs, routers
  • Thousands of other vulnerabilities

Automated tools can greatly assist in reducing the work effort and costs associated with repetitive and time-consuming tasks, but manual techniques and analysis are also performed in each step to gain the greatest understanding of your environment. Manual validation of findings reduces false positives; manual vulnerability testing reduces false negatives. False positives on a report lead to wasted effort in remediation. False negatives can expose an organization to risk of intrusion.

Enumeration and Vulnerability Mapping

Intruders don't always sneak in through the back door; they often slip through the most frequently opened doors before they shut behind you.

Enumeration involves actively trying to identify running services, used applications, version numbers, service banners, etc. Testing in this phase is noticeably more active, which might reveal that we are performing reconnaissance activities that typically precede an attack.

In vulnerability mapping, DJPaA will take what has been learned about the environment and attempt to determine which vulnerabilities are present. Some vulnerabilities will be apparent using only the information learned from the first two steps. However, many vulnerabilities can only be investigated with probe-and-response testing. In this test, we send data to a service or application and look for a particular response that indicates a possible vulnerability.

Automated scanning tools occasionally fail to report some vulnerabilities, so we conduct additional manual testing, which does not rely on automated scanning. A testing methodology that solely relies on automated scan results can give a false sense of security.

Vulnerability Validation and Exploitation

Automated scanning tools often report false positives, which are reported vulnerabilities that are not actually present. For vulnerabilities discovered through automated scanning, we take steps to ensure that report findings are an accurate representation of your environment. Without this often-overlooked step, time may be wasted attempting to remediate vulnerabilities that don't exist.

The exploitation phase of a penetration test focuses solely on establishing access to a system or resource by bypassing security restrictions. The goal is to further validate vulnerabilities by executing known exploits and observing the results. DJPaA will devise and develop possible attacks and testing methods. We will give more emphasis to attacks that cannot or typically have not been carried out by automated means, as well as those that would expose you to the highest risk (reputation, direct loss, liability, compliance) if compromised by a malicious attacker.

As appropriate, testing will include various attacks, such as buffer overflows, format string attacks, arbitrary code execution and default credentials. We may also attempt customized attacks, which may be unique to your systems or configurations. However, we will not perform Denial of Service (DoS) attacks, brute forcing passwords, complex password guessing, or other high-impact/low-value testing without specific written approval.

A Note on Web Applications

Web applications are characteristically the most vulnerable applications, and DJPaA has services designed to thoroughly test and assess web application security. If we find web applications in the IP address range within scope for this project, we will perform testing on the web application server, not on the application itself. This testing should not be considered a comprehensive or focused test of your web application.

Testimonials

"David has impressed me with his ability to maintain a high degree of security knowledge in a field that is constantly changing."
-Timothy M. Opsitnick
"His record of corporate successes in a highly competitive cybersecurity environment speaks for itself."
-Carlos Fernandes
Purcellville, Virginia
"In particular, he provided the core capability we needed to execute a recent cybersecurity assessment for the U.S. Department of Energy (DOE)."
-Ranson J. Ricks
Indianapolis, Indiana