Penetration Testing &
Vulnerability Assessment
Penetration testing has proven to hold a vital role in ensuring that weaknesses or vulnerabilities in company systems are exposed and acted on before being exploited by cyberattacks.
DOWNLOAD OUR PEN TESTING BROCHURE
SIGN UP & DOWNLOAD BROCHUREOur Penetration and Vulnerability Assessment services provide an overall determination of information security risks within our clients’ network environments.
KEY OBJECTIVES
• Culture of security
• Discover and test external internet presence Red Team/Blue Team and tabletop exercises
• Security Incident Response procedures assessments
• Vulnerability scans of a representative sample of internal subnets
• Application security review of sample web application and application(s) environments for specific vulnerabilities
• Social engineering tests on a representative sample of employees using email, phone, and removable media as attack vectors
• Wireless security tests at corporate and sample field locations
• Physical security testing, involved and scoped with the client, to cover potential exposures
• Comprehensive reports for preventive and detective controls to protect against identified vulnerabilities
PENETRATION TESTING METHODOLOGY
• Follows ISO 27002 series and provides testing best practices, recommendations and reporting Internal/external network penetration assessment and testing
• Determination of incidents and reporting
• Evaluation of existing security tools (i.e. IPS, SIEM, End-Point protection)
• Comprehensive assessment and review of existing security network, policies and infrastructure identifying vulnerabilities of key servers and end-point devices
• Vulnerability assessments based on identified organization constituents (targets to be determined with the client), including phishing and social engineering
• Determinations on existing data security controls (“as-is” state of the overall security network)
• Network traffic sniffing
• Reconnaissance & Dark Net research to assess if IPs have already been compromised
• Analysis and detection of the existence of malicious code or tools
• Analysis and detection of both known and unknown hacking concerns for the client
• Final comprehensive report and recommendations based on executed tests results
PHASES OF TESTING
PHASE 1
Contextualized, detailed understanding and reporting as to the contemporary threats and threat factors that could impact your network along with likely motivations to do so.
PHASE 2
In phase 2, Axis Tech performs the actual penetration tests, influenced by Phase 1 output. This involves conducting exercises based upon the scenarios defined by Phase 1. these exercises are conducted in as realistic a way as possible.
PHASE 3
Having completed the technical assessments of the network, people and processes, we present the relevant and actionable outcomes in three key deliverables:
1. A Threat Intelligence Report
2. Attack Test Report
3. Security Improvement Plan