| |
 PENETRATION TESTING
|
| |
|
Password Crackers, Inc. offers Penetration Testing services (also known as an "External Audit" or "Vulnerability Assessment.") If you would like to request a quote for Penetration Testing services, please complete our
Penetration Testing Quote Request Form.
|
| |
|
What is penetration testing and why should you do it?
|
| |
|
Penetration testing is a live test of the security defenses of a network. Our team of specialists uses techniques and exploits
that real-life hackers would use to simulate the results of an attack. Penetration testing helps an organization determine their level of network security and vulnerability and identify weak elements that need to be repaired.
It can aid in evaluating an organization’s detection and response capabilities and help determine whether the proper controls are in place.
|
| |
|
We have found that most networks have vulnerabilities serious enough to allow the network to be completely compromised, but that most of these vulnerabilities can be identified through
penetration testing, addressed and corrected. For most organizations the risks of not identifying serious security flaws are unlimited and the losses can be enormous.
|
| |
|
In the same way that most software is beta tested by live users, penetration testing is an established technique for the live testing of network security. Many organizations use penetration testing on a regular
basis to continuously evaluate their security status.
|
| |
|
Password Crackers, Inc.’s tiger-team members keep up-to-date with the most recent exploits and vulnerabilities. Since new exploits
are discovered daily, IS managers and network security administrators need to be continuously vigilant. Penetration testing is a valuable testing, auditing and evaluation tool.
For some organizations network security is an important marketing element. In these cases, having a comprehensive audit by an outside third party, such as Password Crackers, Inc., can provide a sense of
objectivity and reliability to the analysis.
|
| |
|
Service Overview
|
| |
|
A penetration test or external audit is a detailed analysis of your network and associated systems from the
perspective of a potential hacker. A penetration test will test your network for thousands of known vulnerabilities and provide a detailed report of any vulnerabilities that are found.
The tests are conducted remotely over the Internet and do not require physical access to your premises nor do they require access to any privileged information such as usernames or passwords. They
are based on an external testing ‘black box’ approach - whereby no prior assumptions about your systems are made.
|
| |
|
Because every organization is different, our Penetration Testing service can be customized to meet your needs. Our security consultants will work with you to properly estimate the size and scope of your test. The one-time Penetration Test service
provides a single test, while a subscription provides a repeated periodic test of your company’s network and associated systems.
|
| |
|
You can specify who in the organization will be informed of the test and what systems will be tested.
If you would like to specify that certain systems or components not be tested, they can be removed from the test. Password Crackers, Inc. will not undertake any Penetration Testing until the test has been duly authorized by the client and the scope clearly defined. As a client you can specify, for instance, a “look, but don’t touch” policy, or a “please inform us immediately of any found vulnerabilities” policy. We are flexible regarding these options and can customize a process that will meet your specific needs.
|
| |
|
The testing process initially gathers available information or intelligence about your company’s network to find details that could prove useful to a potential attacker. Your network is
then actively probed (also known as scanning, mapping or penetration testing) looking for security weaknesses that could be exploited.
When performing Penetration Testing, Password Crackers, Inc. will not place or alter any files on any systems. Our tests are designed to limit bandwidth usage so that system resources are not drained during the test.
|
| |
|
Our penetration test will include testing for:
- bugs, exploits, vulnerabilities and security holes
- firewall and router weaknesses
- exploitable trusts and shares between systems
|
| |
|
Testing will not include application vulnerabilities such as CGI scripting weaknesses, cross-site scripting vulnerabilities or SQL injection vulnerabilities.
|
| |
|
While performing these tests, we may also uncover other issues that do not pose a security threat but indicate a non-optimal configuration that may cause performance problems or functional
instability. We will fully document these issues.
|
| |
|
Once the tests are completed, the results are compiled into a report. This report contains both a management level overview of any
issues and also technical level details of the test results including full details of each security issue uncovered.
Full technical details of how to fix each security leaks is included in the report. In addition to any security issues, the report also lists any non-optimal configurations that were found during the tests.
A sample report is available to be viewed here.
|
| |
|
The report is just the first step. The report will not enhance network security unless quick action is taken to implement the suggested changes. The service does not include consulting services to assist with making the changes to the network identified by the report. These consulting services are available as an option for an additional fee (this fee will be quoted once the scope and extent of the additional consulting services is known.)
|
| |
|
Security is a process, not an event. Servers and network devices are changed regularly, new patches are released and new vulnerabilities are discovered daily. In addition to correcting any identified possible vulnerabilities, you should plan on regularly re-scanning your internet exposed devices on a regular and recurring basis.
|
| |
|
Rates and Timeframe:
|
| |
|
Each Penetration Test is quoted individually. Please complete our Penetration Testing Quote Request Form to receive your custom quote by return email. Password Crackers, Inc. will
perform certain due diligence to determine if the client is authorized to contract for services on the computers or networks described. A contract is required prior to beginning any work.
A sample contract is available here.
After the test, final reports will be returned in writing. A typical Penetration Test is delivered within one week. However, depending upon workload, we may be able to deliver results faster.
|
| |
|
If you have additional questions about our Penetration Testing services, please contact us by email at pwcrack@pwcrack.com.
|
| |
|
For More Information, Call: 301-980-0501
or email us at: pwcrack@pwcrack.com
|
| |
|
Please read our instructions before sending files or payments.
|
| |
