Penetration Testing is a critical component to your information security program. Whether you are conducting internal or external penetration testing, identifying critical exploits and remediating them in a timely fashion could mean the difference between becoming a victim of a data breach or fending off an attack.
Our Penetration Testing services, whether it is a white box test or a black box test, follow industry best practices and methodologies, such as the Open Source Security Testing Methodology Manual (OSSTMM) and the National Institutes for Standards and Technology (NIST). These methodologies ensure a complete and consistent approach to testing while identifying potential threats, pinpointing the devices that could be compromised, and provide you with a detailed, prioritized remediation plan so you can bolster your defenses, before an attack comes your way!
Our Penetration Testing methodology is comprised of the following steps:
Analysis: Compass will analyze the system(s) in scope for testing and obtain as much information before conducting the test as possible.
Scanning: In this phase, Compass will conduct vulnerability scanning to identify any potential vulnerabilities and/or exploits present on the target(s). The vulnerabilities identified in the vulnerability scan will be further researched to determine whether the exploit code exists. If exploit code is available, the code will be used to exploit the vulnerability and penetrate the host.
Testing: Compass will conduct penetration testing, using various methodologies, to determine the exploitability of the target(s). All testing will abide by the Rules of Engagement document that is created by Compass in collaboration with your organization that will outline testing expectations, procedures, and methodologies that will be used to perform the penetration test.
Reporting: Compass will provide you with multi-level reporting to satisfy all of the key stakeholders in your organization. For your technical team, we will provide a detailed technical report outlining the methodology used, the vulnerabilities identified, if penetration was successful, and specific remediation strategies to mitigate your risk and patch the vulnerability. For your executive team, we will provide a high-level overview of the overall process that was used, any significant risks that were uncovered, and the overall risk level to the organization.
Web Applications are one of the most significant points of vulnerability in organizations today. Web application holes have resulted in the theft of millions of credit cards, major financial loss, and damaged reputations for hundreds of enterprises. The number of computers compromised by visiting web sites altered by attackers is too high to count.
To combat this rising risk, Compass IT Compliance offers Web Application Penetration Testing to assist organizations with understanding their vulnerabilities and providing them with a remediation plan to mitigate their risk. The Compass Web Application Penetration Testing services can include any of the following, based on your specific needs and requirements:
Compass utilizes industry best practices and methodologies for Web Application Penetration Testing, including the Open Source Security Testing Methodology Manual (OSSTMM) and the National Institute for Standards and Technology (NIST). These methodologies ensure a complete and consistent approach to the assessment of Web Applications.
Organizations and government agencies of all sizes choose Compass to assist with their Penetration Testing needs. The reasons why are simple:
Let Compass assist your organization in assessing any risks present through our Penetration Testing Services so you can secure your systems, comply with regulatory compliance requirements, and save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.