Penetration Testing

What is penetration testing?

Simply put, it is an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data. It is performed by an ethical hacker in a controlled environment.

What Questions Does a Penetration Test Answer? 

  • Does my IT environment measure up to audit standards such as PCI regulations?
  • Can a hacker get to our internal and systems data from the Internet? 
  • Can you simulate real-world tactics and identify what an automatic vulnerability scan misses?
  • Is my web-hosting site and service providers connected to my network as securely as they say they are? 
  • Is my email traffic available for others to see? 

What are Some Common Objectives of a Penetration Test? 

  • Provide auditors with necessary information to obtain industry certification and meet requirements.
  • Provide management with an understanding of the current level of security risk from Internet-accessible services.
  • Provide recommendations and enough detail to facilitate a cost-effective and targeted mitigation approach.
  • Create a basis for future decisions regarding IT strategy, requirements, and resource allocation.

What is the Penetration Testing Process of Caesium55?

  1. Reconnaissance
    Identification of all system, data, and network components that fall within scope of the penetration test.
  2. Enumeration
    Determination of application and network level services in operation for all identified assets.  This includes a port scan of all 65,536 (including port 0) TCP and UDP ports of assets that fall within scope. 
  3. Research and Evaluation
    Determination of the vulnerabilities, bugs and configuration concerns with all systems. Flaws identified in any of these three areas can lead to system compromise.
  4. Penetration Testing Analysis
    For each issue or concern identified above, we escalate, validate and then determine the impact of these on your network. This is used to develop findings along with impact descriptions and recommendations that take into account your individual business and network environment. i.e. throw away the false positives and create an actionable penetration testing report.
  5. Reporting
    Findings are consolidated into a professional report that can be provided for audit purposes or distributed internally to remediate issues.
  6. Repetition
    Caesium55 feels strongly that the job isn’t complete until all findings are remediated.  We will work with your IT team to ensure that all findings are remediated and will re-assess your environment, targeting the initial findings, to ensure that the holes have been fixed.