Hypersecurity LLC Penetration Testing Services

Penetration Testing

The HyperSecurity penetration test professionals will perform an analysis of your current security environment and provide robust solutions to improve your security posture. A penetration test provides an attacker’s-eye view of where the vulnerabilities present in your environment can be exploited. A well-conducted penetration test will help you determine whether your policies and processes are providing you with sufficient protection. A penetration test involves simulating a malicious attack to determine what security measures need to be taken to ensure security. Parameters that are tested may include any of the following: information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters, and military bases.

Why use a 3rd Party?

The Hypersecurity Penetration Test Team employs staff trained in the latest hacking techniques and provides a comprehensive report with recommendations to help improve their overall security posture. Penetration testing services can be performed in a number of ways. Initially, Hypersecurity recommends a test of the external facing (public IP space) infrastructure. This can then be followed up with internal testing inside the firewall.

Partial Knowledge Penetration Tests

You may choose to provide certain information to the Penetration Test Team and work with them from the outset of the security auditing process. In such a partial knowledge test (sometimes referred to as “open” testing), you provide the tester with data about the environment to be tested. Such data is typically information an attacker will find anyway and it allows the tester to get deeper into the testing in a more timely fashion. You can also choose a partial knowledge test if there's a specific kind of attack you want to have the tester focus on, or a specific target. The knowledge you provide the tester may include corporate security policies, network topology documents, asset inventory, and other similar types of information. This data assists the tester in quickly gaining knowledge of your company’s assets and vulnerability. In an open test, the testers will likely conduct interviews with system and network administrators to learn about undocumented and informal practices.

Zero Knowledge Penetration Tests

Some organizations believe that a zero-knowledge attack—one where you begin with no information or assistance from the client—is best, because the tester will work under the same conditions as an attacker. A Zero Knowledge Penetration Test will typically begin with information gathering. Based on the information gathered through your publicly accessible sites (mail servers, DNS, web servers, etc.), public records and databases (Address and Name Registrars, DNS, Whois, EDGAR), and perhaps from social engineering (extraction of information from your employees), the tester will attempt to map your network, using tools such as ping, traceroute, nmap, nessus and other address and port scanning tools. If you want the test to simulate real world attacks and also want to minimize responses to false alarms and panic across your organization, testers can work in stealth mode, mapping your network and enumerating services, shared file systems, and operating systems nearly unobtrusively. War-dialing can also be performed this way. The testers will identify weaknesses that could allow Trojans or other malicious code to be introduced to your environment. They will also try to identify application vulnerabilities -- easily compromised CGI’s, Web forms and scripts.

NOTE: Zero Knowledge Penetration Test services are only performed on a custom consulting basis because discovery of data during the vulnerability scan will determine the level of effort required to perform penetration testing services and we will only proceed as far as the client directs in these instances.

Benefits of having Hypersecurity perform Penetration testing include identifying threats facing your information technology assets to gain better control of your information risk and properly budget for more cost-effective security solutions, helping you reduce your overall security costs and provide a better return on investment (ROI) by identifying and resolving vulnerabilities and weaknesses, and providing your company with assurance that a thorough and comprehensive assessment of security policy, procedure, design and implementation has been completed. We help you gain and maintain certification to industry standards and conform to industry best practices by following legal and regulatory strictures applicable to your organization.