Using techniques and skills that simulate a focused hacker attack, we review your security posture and compile a comprehensive report of the findings, with recommendations for increasing the security of your systems.
Our pricing and offering are based on a flat-rate assessment. This is a quick-fire assessment: we are able to mobilise quickly and perform a fast assessment, giving you results within days, not weeks or months. There are no hidden costs or scope creep. This external-facing or “black box” assessment will give you an understanding of how good (or bad) your systems' security really is. The request form will enable us to confirm the scope and requirements of your Security Assessment.
| STANDARD ASSESSMENT | ADVANCED ASSESSMENT |
|---|---|
| 5 hours of testing | 10 hours of testing |
| Simulated Attack Techniques | Simulated Attack Techniques |
| Fast turnaround | Fast turnaround |
| High level summary | High level summary |
| Detailed custom report | Detailed custom report |
| Remediation advice for each finding | Remediation advice for each finding |
Anyone who wants to understand the security posture of their Internet facing services.
What systems can be assessed?
With strong security analyst and systems administration backgrounds, we are able to assess Internet-connected servers, networks and web sites for security vulnerabilities.
Will this testing set off any alarms?
Hopefully… Depending on the state of your Internet security monitoring, we sometimes set off alarms. This service can be used to test the operation of those monitoring systems and incident response capabilities.
The pricing model is based on a fixed price assessment. We focus on providing a testing service that will give the most value for money. Quickly assess how good or bad your security really is and then get advice to improve it.
What is your methodology?
The methodology is outlined in the proposal. In brief, it follows industry standard best practice, using a combination of manual and automated security scanning techniques.
How does the Payment process work?
Payment is via Credit Card or PayPal. Once payment is received testing can normally be undertaken within a day or two.
How long until the report is compiled?
Once payment is received and testing time is agreed upon, the report is delivered within 48 hours of testing.
Fill out the form below with as much detail as possible and we will have a no obligation proposal in your mailbox before you know it.
Comparing Vulnerability Scanning, Assessments and Penetration Testing
Many clients request a Penetration Test when they are essentially after a Vulnerability Assessment. So what is the difference between a vulnerability scan, a vulnerability assessment and a penetration test (pentest)?
Vulnerability Scanning is the use of security testing tools (vulnerability scanners) to perform an automated scan against a target system, web page or network. The results from this type of testing are often technical in nature and can be prone to false positives and/or false negatives.
Different tools perform different security testing functions: network scanners, web application scanners and database scanners are all available. Some of the best are focused tools that detect one specific class of vulnerability.
Vulnerability Assessment is performed by an experienced security practitioner who uses a combination of automated vulnerability scanning tools and manual testing techniques to assess the security of the target server, web site or network. Typically this will involve a manual review of the target, so that the automated tools are used in the most efficient and accurate way.
Results from the automated scans are then reviewed and systems can be manually tested to confirm the presence of any security vulnerabilities. This manual interaction significantly reduces the false positives. Finally, a report is compiled that outlines the most significant issues along with remediation advice on how to resolve the issues discovered.
Penetration Testing (pentest) is similar to a vulnerability assessment; however, it goes a few steps further. Usually the scope will be wider, in that other aspects of an organization's infrastructure or processes may be within the scope. For example, client systems may also be in scope: malicious exploits could be sent to employees to gain access to the client desktops, allowing access to the internal systems through this popular attack vector. Another example may be that after the discovery of a SQL Injection flaw, the injection is exploited to extract information from the database.
The goal of a penetration test will be to gain access to internal company data or systems. Rather than just identifying vulnerabilities it will involve actual exploitation of the vulnerabilities, so that further exploitation is possible.
The purpose of going deeper into the attack process is to enable the client to develop a better understanding of the risks that they face from the vulnerabilities within the organization's systems and processes.
HackerTarget.com generally recommends a vulnerability assessment as the type of test that will provide most value to the majority of clients. By having a vulnerability assessment performed, the client gains an immediate understanding of how their security looks from the perspective of an external attacker. They can then work to resolve any discovered vulnerabilities, and by understanding the state of the systems are able to get on with business without that nagging worry.
Clients who are potentially under threat of more targeted attackers will sometimes take the next step and have a penetration test performed. This will often be a follow-up test engagement after a vulnerability assessment has been performed and remediation undertaken.