NETWORK
  • PENETRATION TESTING
IMPORTANCE OF NETWORK PENTEST

Even a single successful cyber-attack on network could compromise an organization’s Confidentiality, Integrity and Availability and result in a permanent loss of credibility. This makes network penetration testing not only crucial, but also imperative. Network penetration tests provide insights into the degree of vulnerability of your application infrastructure, and help you expose critical issues, identify threats and vulnerabilities, assess your infrastructure and asset security and reduce risk of data breach.

Our Penetration Testing services help expose vulnerabilities and prevent exploitation by simulating real-world attacks such as the ones given below to safeguard your application network from the intruders.

Types of Network Penetration Testing:

  • External Penetration Testing: It is conducted on external or public facing network to identify vulnerabilities that are visible to outsiders at large. It is done from any remote location over the internet without any explicit access permissions to the organization’s network.
  • Internal Penetration Testing: It is conducted on the internal network to identify vulnerabilities that are visible to potential insiders, contractors, partners with malicious intent. It is done at the vicinity of organization’s network with access permissions given to the attacker to show what risk is posed to information systems by organization’s employees, contractors and guests.
WHAT WE DO
Nt_Pt

PROJECT INITIATION & SCOPING

  • A non-disclosure agreement is the first step towards maintaining confidentiality.
  • A well-defined Scope of work helps the client and valueMentor security analysts to define the limits of the penetration testing

FOOT PRINTING OF ASSETS WITHIN THE SCOPE

  • Network Discovery is performed to identify information such as Active hosts, Active Services, Insecure Services, Fingerprinting the Operating System etc.
  • Identifying the publicly available information enables the attackers to perform targeted attacks against the client

VULNERABILITY ASSESSMENT

  • Automated scanning for finding known vulnerabilities
  • Compliant with PCI ASV Vulnerability requirements
  • A comprehensive list of vulnerabilities are identified & validated
  • False positives are eliminated to create an actionable list of findings

SECURITY ASSESSMENT & ATTACK SIMULATION

  • Our security testing team will prepare the test cases based on the threat profiles.
  • Security test cases are performed using automated and manual methods.
  • Security testing covers SANS, WASC & PCI security assessment requirements
  • A comprehensive list of vulnerabilities are identified & validated
  • False positives are eliminated to create an actionable list of findings

REPORTS WITH REMEDIAL ACTIONS

  • ValueMentor security analysts rank the security vulnerabilities based on both universal vulnerability rating and unique risk rating to the client’s environment.
  • Our security solutions team would add remedial actions to be performed, giving a quick solution for the client to remediate the security risk.
  • Detailed report for the technical team and summary report for the executive management are included.

RE-TEST OF THE REPORTED VULNERABILITIES

  • To confirm the application is secure, validation of the closure of vulnerabilities are performed.
  • Our external web application security assessments include re-tests of all identified vulnerabilities until they are brought down to acceptable risk levels.