CyBourn delivers penetration testing engagements by leveraging an experienced team of certified experts and analysts. Using industry-recognized as well as proprietary scripts and techniques, we design, test and perform a full spectrum of tactics from vulnerability assessments to red/blue team exercises.
Penetration Testing is a method for gaining assurance in the security of an IT system by attempting to breach some or all of that system’s security, using the same tools and techniques as an adversary may utilize. Penetration testing should be viewed as a method for gaining assurance in your organization’s vulnerability assessment and management processes, not as a primary method for identifying vulnerabilities. An audit by an external group ensures that your internal team’s processes are sufficient.
Prior to beginning a penetration testing engagement, the scope and objectives need to be agreed upon with the customer. The customer will be informed of our procedures and project plan. During this phase, we will also make sure to gather permission from the people affected by the pen test.
Our engineers uncover as much information about the target as possible. This includes open-source information, like social media and leak databases, or vulnerability assessments, performed either actively or passively, depending on the engagement.
This is the most active phase. An engineer tries to access information or find vulnerabilities from the targets. For web applications for example, the tests include OWASP Top 10 Vulnerabilities tests.
One of the most important phases of a penetration test is the cleaning. We make sure all files we uploaded to the target systems are deleted, all accounts we might have created are disabled and all exploits are erased.
During reporting, our engineers put together all their findings and add relevant information like the CVE numbers, CVSS ratings, impact analysis and tailored recommendations.
For more information and a quote on our Penetration Testing services please contact us!