Understanding an environment is the most crucial part of a penetration test. It is the piece of the testing puzzling in which all other pieces hinge. Without a proper understanding not only of WHAT systems compose a networking system, but of WHY each system is a crucial part of that environment, a complete understanding of what tests to use is not achieved. This is why we choose to examine all 65,536 (including port 0) TCP and UDP ports of any system on a network rather than just the top 1,024 well known ports. If even a singe port is missed on any system then the picture of what the network really looks like can be radically skewed. Our objective is to not only understand what assets you have; but to see logically why those assets were chosen and how they are used in your environment before a single test is performed.
There are many automated testing tools on both the commercial and open source market and we employ many of these during our testing processes to create a “best-of-breed” testing methodology. However; just because a tool discovers a finding doesn’t always mean that that finding is accurate or is a true threat to your network. Each and every vulnerability discovered that represents a potential exploit to your environment, either through automated or manual testing procedures, is researched thoroughly and manually exploited (with the exception of exploits that could cause harm or render your network non-responsive) to obtain proof that the exploit should be remediated.
We offer both network and web application testing along with external or internal vulnerability assessments. Many audit regulations require not only a penetration test to be performed; but also evidence that vulnerabilities scanning techniques are being used and of what vulnerabilities currently exist on a network along with what remediation strategies are in place for those vulnerabilities. Caesium55 specializes in all of these services. We can also work with you on developing a yearly, quarterly, or monthly testing strategy for your network.