Salient Features
Environment
- Penetration tests are carried out on customer network and cloud environments which generally includes their applications, API and network.
Penetration Testing Methodology
Our Penetration testing process was created in accordance with several internationally accepted frameworks/standards
- Open Web Application Security Project (OWASP),
- Open-Source Security Testing Methodology Manual (OSSTMM),
- National Institute of Standards and Technology (NIST),
- Information System Security Assessment Framework (ISSAF), and
- Penetration Testing Methodologies and Standards (PTES)
The role of these standards is to harmonize and provides users of the report with standardization. For instance, using OWASP references in the report, you can measure the risk associated to Top 10 OWASP attack vectors
Tools
- The tools that we use combine ‘human creativity and imagination ’ with commercial and open-source tools aligned with target network.
Vulnerabilities and Attack reporting
- Vulnerabilities are rated on a risk rating criteria which will show their ease of exploit and impact. The triage will help you determine the urgency of remediation.
- While reporting any vulnerability and/or exploit we perform manual validation to eliminate any false positive.
Documented Reports
- Each report shared with you is followed up with a session to explain and handhold system teams to remediate.
- Most engagement have an initial draft or scratchpad of vulnerabilities, which the client fixes. Once those are fixed or accepted, we conduct another round of assessment.
- If all identified vulnerabilities are closed, we submit a final report and a certificate of completion.
Questions?
