Pen Testing

Professional Pen Testing Services

A Penetration Test is performed by a Certified Ethical Hacker in order to evaluate the security of your company’s IT infrastructure. By safely attempting to exploit the vulnerabilities of your network, applications, databases, people and more, we find the leaks in your system before a problem occurs. Because these ethical hacking tests are carried out by skilled professionals, we are able to uncover risks that would be impossible to detect with simple scanning software.

A “Pen test” is often performed in many steps, including external pen tests (looking into your network through the eyes of an outside, anonymous internet hacker) and internal pen tests (examining the risk posed by your employees and other individuals with inside access to your network). Blind testing is also an option, in which limited information is given to the team performing the test, or even double blind testing, in which very few people at the organization are aware of the test.

ISO COMPLIANCEWILL REFER YOU TO a leader in penetration testing and vulnerability assessment !). We have been providing the most advanced ISO 27001 consulting, ISMS consulting, and more since 2001 and have helped A myriad of companies validate that they are secure and their business critical information is safe. As an industry leader, we are committed to maintaining the highest levels of training and certifications for all of our security testing experts.

Have a question? Contact us and we will reply as soon as possible.

You can also call us directly-ISO COMPLIANCE()

We offer a comprehensive array of penetration testing services to make it simple for you to validate that all avenues of access to your critical data are secured. Tap on the following tabs to explore our menu of offerings.

What is a Network Penetration Test?

Network vulnerability assessments and penetration tests are intended to validate that your external (public) and internal (private) computer systems are secure. It highlights vulnerabilities and/or provides a measure of the probability that the vulnerabilities can be exploited (and if so what the impact would be to your organization).

Benefits of Network Penetration Testing

Pro-actively classifies your system’s weaknesses without actually compromising it, and demonstrates compliance with relevant standards, laws and regulations (HIPAA, PCI DSS, NERC, etc.).

Frequently Asked Questions

1. Why do we need Penetration Testing?

Your company could use Penetration Testing to:

Confirm that your environment is as secure as you believe

Prove to a third party that an environment is secure and trustworthy

Quickly assess the security of a less mature control environment (in a sense, a technical risk assessment)

After a major change (e.g., the installation of a high risk system/application) to ensure that the security controls are operating as intended

2. What is a Penetration Testing tool?

Our testers often carry dozens of tools and will select which tools to use based on the type of test and the specific technologies that you are running. Common Penetration Testing tools include:

Vulnerability scanners (e.g., Nessus, Qualys, NTO Spider)

Automated exploit engines (e.g., Metasploit Professional, Canvas)

Password Crackers (e.g., John the Ripper)

Sniffers/proxies/tamper tools (e.g., BurpSuite, Cain & Abel)

3. How does Penetration Testing work?

Generally, pen tests have two distinct phases: In the first “reconnaissance” phase, the tester gathers as much information as possible to achieve the objectives of the engagement. This is often done using a vulnerability assessment tool. This can be helpful in discovering how vulnerable your system is. In the second “exploit” phase, the tester will leverage vulnerabilities identified during the “reconnaissance” phase. This gives you a measure of how likely it is that your vulnerabilities can be exploited and if so, what the impact is to your organization.

4. How long does Penetration Testing take? Will it shut down our office?

Simple penetration tests in a smaller company may last a day or less. Larger tests for a global enterprise could extend over multiple weeks. When done properly, penetration testing is unlikely to cause serious disruptions in your business. However, it is impossible for any reputable pen testing company to guarantee a test completely free of disruption. We do not use Denial of Service testing, un-tested tools, or un-validated exploit code. In 12 years, less than 5% of our tests have caused minor disruptions, such as a short period of slowed network traffic.

We pride ourselves on keeping your business up and running.

5. Will Penetration Testing involve our employees?

ISO COMPLIANCE only involves your employees if your objectives include testing incident detection (e.g., we are assessing whether your Security Operation Centre is paying attention) or if you want your team to work collaboratively with our test team to learn about Penetration Testing.

6. What kind of reporting will I receive?

We provide formal reporting on the testing process including a gap analysis, relevant findings, and a mitigation roadmap for addressing vulnerabilities and strengthening your network. Where possible the report will also include: