Penetration Testing
Penetration Testing is an important tool in helping to identify and remediate IT infrastructure weaknesses. Periodic penetration tests are a widely accepted security "best practice" and are required by many regulatory standards including the PCI Data Security Standard.
There are three commonly accepted approaches to conducting penetration tests: black box, gray box, and white box. The most significant difference between these approaches is the level of information about the target systems that is provided to the testers. In a black box test, the testers have no prior knowledge of the infrastructure to be tested and are required to determine the location and characteristics of the systems before commencing their analysis. At the other end of the scale, white box testing provides the testers with a good deal of information about the infrastructure to be tested, which often includes network diagrams, IP addresses, and network operating systems. There are also several variations in between, often known as gray box tests. Another way to categorize the testing approach is: blind, double blind, gray box, double gray box, tandem, and reversal. This categorization is the approach used by the Open Source Security Testing Methodology Manual (OSSTMM).
How TrustNet Helps
TrustNet's methodology for penetration testing is based on the OSSTMM, a peer-reviewed methodology for performing security tests and metrics. We also incorporate aspects of methodologies from the National Institute of Standards and Technology (NIST), the Information Systems Audit and Control Association (ISACA), and the Information Systems Security Assessment Framework (ISSAF).
- Affordable - designed and priced to meet your specific needs, no matter how small or large your requirements
- Comprehensive - provides a 360-degree view of risks, including people, processes, and technology, both internally and externally
- Fast - using a combination of automated tools and investigative consulting, we provide rapid results
- Effective - we provide actionable data and recommendations with detailed step-by-step guidance
- Proactive - identifies potential issues in IT infrastructure by locating vulnerabilities and weaknesses before they impact the business





