Penetration Testing and Vulnerability Assessment
“The biggest risk that an organization can face is assuming that they are secure when in fact they are vulnerable”.
What type of penetration test do you want performed? For organizations new to penetration testing, we recommend starting with an external network penetration test, which will assess your Internet-accessible systems in the same way that an attacker anywhere in the world could access them. Beyond that, there are several options:
Network Penetration Testing
Our research driven Network Penetration Testing services are specifically designed to test entire IT Infrastructures or just individual component of IT network architecture like router, firewall, servers and client end devices. These services are ideal for HIPAA/HITECH, PCI/DSS, and other similar requirements. Typically, we start these types of assessments with only a network connection on the corporate networks, but a common variant is what we call an “Insider Threat Assessment,” where we start with one of your standard workstations and a standard user account.
Web Application Penetration Testing
Our Web Application Penetration Testing services are specifically designed for testing single Web Application, or entire application farms. These services are ideal for HIPAA/HITECH, and PCI DSS requirements 6.6 and 11.3.2. A review of custom web application code for security vulnerabilities such as access control issues, SQL injection, cross-site scripting (XSS) and others are part of this service. These are best done in a test or development environment to minimize impact to the production environment.
Wireless Penetration Testing
Wireless Attack and Penetration Testing are strategic and isolated attacks against the client’s wireless systems. Secure Beans consultants will simulate hacking and attempt to identify, exploit, and penetrate weaknesses within these systems. A detailed security assessment also includes a survey of the location looking for unauthorized (“rogue”) wireless access points that have been connected to the corporate network and are often insecurely configured.
Social Engineering Penetration Testing
The Social Engineering Penetration Testing is designed to mimic attacks that social engineers with malicious intent will use to breach organization. We employ a number of techniques to include all methods of phone, Internet-based, and onsite physical engagements. Our Social Engineering Penetration Testing service includes a full report of findings and mitigation recommendations which will be confidentially debriefed to your executive staff and security team.
Mobile App’s Security Assessment
Our team is dedicated to helping today’s leading companies deliver secure mobile apps faster and more efficiently. Secure Beans has created a research-driven mobile testing methodology that incorporates guidance from the OWASP Application Security Verification Standard. Secure Beans’ mobile security testing provides verification and validation across all major control categories, including authentication, session management, access control, malicious input handling, cryptography at rest, and much more.