Simulating real-world security incidents by exploiting weaknesses will help you truly quantify the impact they will have on your business. A penetration test (also referred to as ethical hacking) is a real world security test that determines how well your security defenses are protecting your IT assets. The security tester coordinates with you to outline the objectives for testing; but the most common goal is to gain unauthorized access to IT assets and subsequently access to confidential data before the bad guys do. The testing approach is often driven by the objectives of the organization as well as a clear definition of which security defenses are to be tested. VioPoint can perform a variety of services during a penetration test engagement:
- Wireless penetration test
- Network penetration test
- Web application penetration test
- Social engineering (phishing, phone calls, removable device planting)
Approach
Our expertise in performing penetration services extends across many industries including healthcare, finance, energy, manufacturing, and education-based sectors. Our testers stay current on the latest threats to IT assets through ongoing research and simulated testing techniques. We can quickly identify the path of least resistance and are well versed in ‘what works’.
VioPoint uses Core Impact as the primary tool for penetration testing. Core Impact can be used for web application penetration testing, client-side testing (phishing) and network based penetration testing. Penetration testing services are often combined with vulnerability scanning and/or social engineering, since a device multi-vector approach is typically the best representation of an actual breach.
Results
Penetration testing helps address your concerns about the actual impact an attack could have on the organization. By effectively conducting these tests, VIOPONT will provide both details and a plan to effectively reduce risk:
- Determine if vulnerabilities are truly exploitable and articulating the real risks of actual compromise.
- Test and validate technical, administrative and operational risks.
- Enumerate the various weaknesses in various layers of defense.
- Identify what data is at risk from compromise.
- Validate detection and correction capabilities (did technology devices and/or staff members detect and respond to the attack?)
- Provide real world recommendations for mitigating the various weaknesses discovered during the test.
Related Security Offerings
These related service offerings may also be of interest to you:
