Penetration Testing is a critical component to your information security program. Whether you are conducting internal or external penetration testing, identifying critical exploits and remediating them in a timely fashion could mean the difference between becoming a victim of a data breach or fending off an attack.
Our Penetration Testing services, whether it is a white box test or a black box test, follow industry best practices and methodologies, such as the Open Source Security Testing Methodology Manual (OSSTMM) and the National Institutes for Standards and Technology (NIST). These methodologies ensure a complete and consistent approach to testing while identifying potential threats, pinpointing the devices that could be compromised, and provide you with a detailed, prioritized remediation plan so you can bolster your defenses, before an attack comes your way!
Our Penetration Testing methodology is comprised of the following steps:
Analysis: Compass will analyze the system(s) in scope for testing and obtain as much information before conducting the test as possible.
Scanning: In this phase, Compass will conduct vulnerability scanning to identify any potential vulnerabilities and/or exploits present on the target(s). The vulnerabilities identified in the vulnerability scan will be further researched to determine whether the exploit code exists. If exploit code is available, the code will be used to exploit the vulnerability and penetrate the host.
Testing: Compass will conduct penetration testing, using various methodologies, to determine the exploitability of the target(s). All testing will abide by the Rules of Engagement document that is created by Compass in collaboration with your organization that will outline testing expectations, procedures, and methodologies that will be used to perform the penetration test.
Reporting: Compass will provide you with multi-level reporting to satisfy all of the key stakeholders in your organization. For your technical team, we will provide a detailed technical report outlining the methodology used, the vulnerabilities identified, if penetration was successful, and specific remediation strategies to mitigate your risk and patch the vulnerability. For your executive team, we will provide a high-level overview of the overall process that was used, any significant risks that were uncovered, and the overall risk level to the organization.
Organizations and government agencies of all sizes choose Compass to assist with their Penetration Testing needs. The reasons why are simple:
- Our Team - Our team of highly trained security professionals are the best in the business. We work with you and your team to provide detailed, actionable results that you can use to mitigate your risk. In addition, our security professionals carry industry leading certifications such as CISSP, CEH, CISA, GWAPT, etc.
- Our Process - We start each engagement by outlining what the expectations of all team members are, what the testing will include, and the testing hours based on your unique business needs. We work to conduct our testing and provide our detailed reporting in a timely fashion so you can remediate any vulnerabilities. If during our testing we find high-risk vulnerabilities, we will immediately notify you to determine the best course of action to mitigate your risk.
Let Compass assist your organization in assessing any risks present through our Penetration Testing Services so you can Secure your systems, Comply with compliance requirements, and Save time, money, and resources in the process. Contact Us today to discuss your unique situation. Secure. Comply. Save.