Process


We use the same set of vulnerability assessment tools that a real hacker would use, and also follow the same methodologies to exploit the holes or problems, and penetrate through it. The testing is done using automated tools as well as manual methods. The following illustrates some of the various vulnerability classes we cover during an internal or external network penetration test.

Network Security Audit Process

Before Testing Starts

  • Sign NDA

  • Freeze on scope

  • Study Cloud App Architecture

  • Study Cloud User Roles

  • Decide attack vectors and prioritize

  • Allocate single point of contact


During Testing

  • Black box testing

  • Gray box testing

  • Automatic and Manual Testing

  • Testing Phases

  • Reconnaissance

  • Scanning

  • Gaining Access

  • Maintaining Access

  • Covering Tracks

  • Gathering Logs

After Testing

  • Analyse logs

  • Confirm results

  • Apply Knowledge

  • Apply Experience

  • Repeat Test if required




Testing Outcome

  • Detailed technical report

  • Executive summary

  • High level fixation solutions

  • Certificate of testing completion (optional)

Network Penetration Testing

Features

Process

Benefits

FAQ

Related Links

A typical website penetration testing service comprises of simulation of real life hacking methodologies. It encompasees various security attack vectors and exploitation of potential vulnerabilities.Read More
We follow a systematic and yet agile approach to test website security. This helps our customers gain an extremly accurate and elaborate results along with a knowledge base and years of experience on the subject matter.Read More
Security testing is a continuous improvement process to get benefited in terms of increasing ROI (Returns On Investment). Benefits of a pen-test are short term as well as long term.Read More
Here is a list of typical questions which are in the minds of those who wish to leverage our services. If you see more information, feel free to contact us.Read More
Please see a list of key vulnerabilities which must be tested while performing a website or webportal penetration testing.Read More

Testimonials

After dealing with a number of QSA auditors, we found SecurityMetrics offered the most helpful and practical PCI advisement. We are delighted to work with them as we continue to strengthen our PCI environment.

JetBlue

You relieved me and all of us at Orbis, of the heavy burden of dealing with PCI and some very PCI-skeptical merchants.

Bill Isetta, Orbis Payment Services, Inc.

SecurityMetrics takes the complexity of PCI compliance and then rolls it into a simplified process for all of our merchants.

Craig Lum, Card/Pay

Maintaining PCI compliance is extremely important with large scale e-commerce applications. SecurityMetrics makes the process of getting compliant extremely easy.

Thomas W., eVitamins

The relevance of ensuring proper ecommerce website security and protecting card holder data continues to be paramount for our organization, and we could not manage this process better without the reporting tools and excellent technical expertise provided by SecurityMetrics.

Jason Drake, Premiere Sports Travel

PCI seems daunting - regardless of who you are - SecurityMetrics deployed professional, reliable and trustworthy people who enabled us to not only get through the process with ease, but also to educate us how to manage, control, and implement our strategy in the future.

Greg Mahoney, USAG, Inc.