Penetration testing

Penetration testing is a term that causes a lot of confusion in the IT security industry, especially when reviewing specific requirements for compliance such as those stipulated in the PCI DSS Standard. Officially, penetration testing is the process of probing and identifying security vulnerabilities in a network and the extent to which they might be exploited by outside parties. What is required to achieve compliance with a specific standard, however, may be more or less extensive than scanning IP addresses for vulnerabilities.

Blackfoot offers different types of Network Penetration Testing, ranging from scanning of publicly routable IP addresses, identifying known vulnerabilities and exploiting these, right through to attempting physical access to buildings and customer offices/premises and “social engineering”.

Our techniques vary depending on each client’s requirements but include vulnerability scanning, fingerprinting, privilege escalation and post-exploitation phases, for example leveraging built-in Unix and Windows tools such as /dev/tcp, telnet clients and FTP to launch port scans, create backdoor shells, move files and escalate privileges.

Beyond network vulnerabilities, organisations that have implemented effective network security may still have vulnerabilities within their environments through poorly developed or designed applications.
Blackfoot’s Web Application Assessment Service can help organisations protect their assets from threats targeted at web applications.

The resulting report will incorporate all assessment findings and activities into a clear, concise document containing recommendations and mitigation strategies for the identified issues.

We understand the limitations of automated testing tools, and as such, the majority of our testing is performed and verified through manual activities. These activities are conducted using a repeatable, consistent methodology. Automated tools are still used in the assessment, but only where they are known to be accurate, effective and offer value.