Network Penetration Testing
A Network Penetration Test (aka, pentest) is a method of evaluating the security posture of a network system by simulating an attack from malicious outsiders who would not otherwise have authorized access to the network. Vulnerabilities are then documented and exploited in an effort to determine whether unauthorized access of malicious activity is actually possible.
The overall goal of a Network Penetration Test is to identify vulnerabilities, document them, validate them through exploitation, apply risk ratings and formally document the results in a report combined with appropriate recommendations for remediation.
Our comprehensive methodology ensures that our clients’ vulnerabilities are represented by their true real-world likelihood and potential impact to their business. The methodology is founded upon industry-standard frameworks, such as: OSSTMM, ISSAF, OWASP, WASC and NIST Special Publication 800 Series guidelines.
System/service discovery consists of compiling a complete list of all accessible systems and their respective services with the ultimate goal of obtaining as much information about the assets as possible. Commonly, this includes: domain foot printing, live host detection, service enumeration, rogue system/service detection, product-specific vulnerability detection, and operating system and application fingerprinting. With the information collected from the discovery phase, security testing transitions to identifying vulnerabilities in internal and externally facing systems and applications using automated scans and manual testing techniques.
Rigo Technology begins the vulnerability identification process with a combination of commercial and open source vulnerability scanners. Automated scans are good at identifying known and common vulnerabilities, however, automated scans are not good at detecting complex security issues or validating the findings reported. For this reason, automated scans represent only a small facet of the overall security assessment with the majority of vulnerability testing focused on manual testing and verification. Rigo Technology has adopted an industry-standard approach to assigning risk ratings to vulnerabilities. This approach is used in all our assessments and provides our clients with consistent risk ratings that take into account a number of factors ranging from: Skill Level, Motive, Ease of Exploit, Loss of Integrity, Loss of Availability to Loss in Privacy and Reputational Damage.
Discovery/Information gathering via public websites, ARIN, job boards, domain lookup tools, etc
Active network scanning using networking mapping tools and manual processes
Enumeration of live devices searching for vulnerable services and mis-configurations
Exploitation of vulnerabilities to determine whether unauthorized access is possible
Report findings, evidence, recommendations, tools and methodology
The whole process of network penetration testing will be manual which will give you 0% false positive report. Besides that a comprehensive report detailing the findings, risk ratings, recommendations, methodology, tools, evidence and screen-shots will be provided.