Under the umbrella of vulnerability assessment and penetration testing services, we offer the following types of services:
- External vulnerability assessment and penetration testing
- Internal vulnerability assessment and penetration testing
- Social engineering testing
- Wireless security assessments
An understanding of the nature of the point of view of the test (internal vs. external) as well as the type of test (vulnerability assessment vs. penetration test) is critical in evaluating the different services and determining what will best fit the needs of your organization.
All of our vulnerability assessment and penetration testing programs are primarily based upon the Information Systems Security Assessment Framework (ISSAF) developed by the Open Information Systems Security Group (OISSG), which is an international peer-reviewed framework for assessing information security controls. Vulnerabilities identified are incorporated into a risk assessment matrix that incorporates both technical and business risk components to arrive at a calculated composite risk level.
At the conclusion of the engagement, management will be presented with a formal written report that includes a management summary of findings and recommendations, detailed documentation of procedures performed and controls observed, as well as technical information and mitigation instructions for identified vulnerabilities.