PENETRATION TESTING

A Penetration Test (often called a Pen Test or Ethical Hack) examines the entire customer environment for vulnerabilities at all levels of the infrastructure, including the network, operating systems, and common application services. Testing a company's systems and networks by mimicking real-world attacks identifies potential avenues of exploitation before malicious individuals use them. Security testing is one of the most proactive measures a business can take to help defeat malicious activity. Penetration Testing also gives business leaders the knowledge required to understand the impact a successful attack might have on their business operations and, in turn, can help validate the effectiveness of existing security controls and justify additional security-related investment.

Service Summary

  • Vulnerability identification with exploitation
  • Tests all levels of the infrastructure
  • External (via the Internet) or internal testing
  • Detailed recommendations to reduce risks
  • Business analysis provides executive perspective
  • Meets PCI annual Pen Test requirements - see PCI Pen Test Service for more information

Methodology

Clear Skies' methodology includes extensive technical testing using the most current attack vectors and specialized analysis of findings to provide a comprehensive view of the risks associated with each vulnerability. Clear Skies will examine the entire environment for as many vulnerabilities as possible, at all levels of the infrastructure, including the network, operating systems, and common application services. Technical testing techniques include both automated scanning to find common issues and full, manual exploitation attempts that simulate the same activities a hacker would perform. Any vulnerabilities found through the automated scanning process are also manually verified to ensure the issues are truly a risk to the organization.

Upon completion of the testing, all identified vulnerabilities are documented with a detailed description of the issues, as well as recommended corrective actions to help eliminate the risks going forward. Each vulnerability's risk is evaluated from business and technical perspectives, and an overall risk rating is provided. If any exploitation is successful, a detailed step-by-step narrative is provided explaining how the exploits actually worked and what data could be compromised. Screen captures are used to document and showcase the entire process so that the issues may be re-created, if necessary.