
Penetration Testing

Penetration Testing Services

Penetration Testing is a critical component of your information security program. Whether you are conducting internal or external penetration testing, identifying critical exploits and remediating them in a timely fashion could mean the difference between becoming a victim of a data breach or fending off an attack.

Our Penetration Testing services, whether it is a white box test or a black box test, follow industry best practices and methodologies, such as the Open Source Security Testing Methodology Manual (OSSTMM) and the National Institute of Standards and Technology (NIST). These methodologies ensure a complete and consistent approach to testing while identifying potential threats, pinpointing the devices that could be compromised, and providing you with a detailed, prioritized remediation plan so you can bolster your defenses before an attack comes your way!

Our Penetration Testing methodology is comprised of the following steps:

Analysis: Compass will analyze the system(s) in scope for testing and obtain as much information as possible before conducting the test.

Scanning: In this phase, Compass will conduct vulnerability scanning to identify any potential vulnerabilities and/or exploits present on the target(s). The vulnerabilities identified in the vulnerability scan will be further researched to determine whether exploit code exists. If exploit code is available, the code will be used to exploit the vulnerability and penetrate the host.

Testing: Compass will conduct penetration testing, using various methodologies, to determine the exploitability of the target(s). All testing will abide by the Rules of Engagement document, which Compass creates in collaboration with your organization and which outlines the testing expectations, procedures, and methodologies that will be used to perform the penetration test.

Reporting: Compass will provide you with multi-level reporting to satisfy all of the key stakeholders in your organization. For your technical team, we will provide a detailed technical report outlining the methodology used, the vulnerabilities identified, whether penetration was successful, and specific remediation strategies to mitigate your risk and patch the vulnerability. For your executive team, we will provide a high-level overview of the overall process that was used, any significant risks that were uncovered, and the overall risk level to the organization.


Web Application Penetration Testing

Web Applications are one of the most significant points of vulnerability in organizations today. Web application holes have resulted in the theft of millions of credit cards, major financial loss, and damaged reputations for hundreds of enterprises. The number of computers compromised by visiting web sites altered by attackers is too high to count.

To combat this rising risk, Compass IT Compliance offers Web Application Penetration Testing to assist organizations with understanding their vulnerabilities and providing them with a remediation plan to mitigate their risk. The Compass Web Application Penetration Testing services can include any of the following, based on your specific needs and requirements:

  • Application Vulnerability Assessment
  • Application Penetration Testing
  • Network Penetration Testing
  • Secure System Development LifeCycle Assessment
  • Static Code Review
  • Dynamic Code Review

Compass utilizes industry best practices and methodologies for Web Application Penetration Testing, including the Open Source Security Testing Methodology Manual (OSSTMM) and the National Institute of Standards and Technology (NIST). These methodologies ensure a complete and consistent approach to the assessment of Web Applications.

Why Compass?

Organizations and government agencies of all sizes choose Compass to assist with their Penetration Testing needs. The reasons why are simple:

  • Our Team - Our team of highly trained security professionals is the best in the business. We work with you and your team to provide detailed, actionable results that you can use to mitigate your risk. In addition, our security professionals carry industry-leading certifications such as CISSP, CEH, CISA, GWAPT, etc.
  • Our Process - We start each engagement by outlining what the expectations of all team members are, what the testing will include, and the testing hours based on your unique business needs. We work to conduct our testing and provide our detailed reporting in a timely fashion so you can remediate any vulnerabilities. If during our testing we find high-risk vulnerabilities, we will immediately notify you to determine the best course of action to mitigate your risk.

Let Compass assist your organization in assessing any risks present through our Penetration Testing Services so you can Secure your systems, Comply with compliance requirements, and Save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.

