Our Ethical Hacking (Vulnerability Assessment and Penetration Testing) services ensure that your organisation's security measures are actively analysed for design weaknesses, technical flaws and vulnerabilities. Results are delivered comprehensively in a report to Management and Technical audiences.
Our Ethical Hacking approach closely simulates the process of a real hacker. If someone is targeting your organisation specifically, then there is a strong possibility that they do indeed have detailed knowledge of your IT systems and procedures (an employee with a grudge, for example). In that case it would be wise to assume that they in fact have complete knowledge of your systems, because if your security relies solely on the secrecy of your designs, then you do not have any tangible security at all.
Attackers are constantly probing networks, systems, and Web applications in search of exploitable vulnerabilities. Organizations failing to test and secure their Internet-facing information assets often fall victim. These probes and attacks are not limited by the size or sophistication of an organization, but rather by its security posture. Ultimately, a successful compromise could cost thousands and possibly millions of dollars in losses to reputation, customer confidence, market share, productivity, legal recourse, and more.
Our team of expert Ethical Hackers can help organizations identify security issues before they are exploited by attackers. We accomplish this by conducting an assortment of vulnerability tests & scans against target systems which are designed to simulate real-world probes and attacks, accurately discover issues, and provide proven solutions for countering attacks; we also offer ongoing testing. At the conclusion of our testing, a findings report is provided which includes a detailed description of each issue, an associated severity rating, an exploitability risk rating, and one or more practical recommendations for addressing the issues throughout the System Design Life Cycle (SDLC).
Core Testing Performed
We conduct the following core tests as part of our Vulnerability Assessment services:
Intelligence Gathering - A variety of proven tools and techniques are used to electronically "Dumpster Dive" and collect all types of information (intended & unintended) about the target organization's employees, systems, customer base, product offerings, financials, business relationships, and more that is available/accessible in the public cyber domain.
Port Scanning - Testing includes an assortment of port scans conducted against targets that are designed to positively identify all open TCP & UDP ports, determine compliance with stated policies, and find potential attack vectors.
Services Probing - Thorough probes for available services and subsequent listening applications are conducted against targets to find potential attack vectors and to determine which vulnerabilities may be present to exploit.
Fingerprinting - Various fingerprinting tools & techniques are used to enumerate information about target systems, remotely map target networks, and to determine which vulnerabilities may be present to exploit.
Manual Assessment - With the possession of user account privileges, we assess the configuration parameters such as services enabled, registry settings, /directory permissions, executables present, password strength, etc. of your servers, network and security devices.
Vulnerability Scanning - A combination of commercial & open source tools, manual techniques, knowledgeable & experienced consultants, and the information collected during other testing phases are utilized to conduct comprehensive External (perimeter) vulnerability scans against target networks, systems, and Web applications for thousands of potential security issues.
Research and Verification - In order to eliminate false positives, detailed research, analysis, and verification testing is performed. This research and testing primarily focuses on corroborating results via the search of online databases, mailing lists, newsgroups, exploit publication sites, and other relevant sources and by utilizing manual techniques to verify each finding.
Compliance Testing - Intouch World offers the following optional compliance and standards testing for organizations that must meet one or more regulatory compliance requirements or adhere to industry standards:
• GLBA Compliance
• HIPAA Compliance
• CA SB 1386 Compliance
• Sarbanes-Oxley Compliance
• VISA CISP Compliance
• Payment Card Industry (PCI) Data Security Standard
• Federal Information Security Management Act (FISMA)