This page is too short to provide a complete description of our methodology. We do provide such description in our proposals submitted to the client before starting a penetration testing engagement, and we do submit a proposal for every engagement. In the interest of completeness, here is a high-level overview of the general steps our efforts follow.
  • Pre-engagement Interactions
  • Intelligence Gathering
  • Threat Modeling
  • Vulnerability Analysis
  • Exploitation
  • Post Exploitation Forensics
  • Reporting

In addition, we take pride in the fact that we do provide the widest spectrum of automated scanning tools coverage in the industry! For instance, in a typical penetration testing effort we use at least three (3) network penetration testing tools (i.e. Nessus, Retina, nExpose, GFI Languard, etc), and at least three (3) web application security assessment tools (AppScan, WebInspect, Cenzic Hailstorm, Acunetix, N-Stalker, NetSparker, etc). Also, if the penetration testing effort requires it, we use at least three (3) database security scanning tools (i.e. AppDetective, McAfee Database Vulnerability Scanner, Scuba, PFCLScan, etc). Finally, if the penetration testing project requires it we use at least three (3) source code security analysis tools (i.e. AppScan Source, Fortify, Coverity, KlocWork, etc). To the best of our knowledge, no other penetration testing company provides "full-depth" assessments across all layers (i.e. source code, application, web, and database), and no other company provides "full-breadth" assessments using all industry standard tools (listed above). Most compliance standards such as PCI, HIPAA, SOX, FISMA and others require that at least one of the industry standard tools listed above is used in a penetration testing effort in order for the pentest results to be considered acceptable for compliance purposes. But when you hire us, you get at least three (3) compliance-ready tools across ALL layers! Add to that 15-20 years of manual hacking expertise and you begin to understand why our client retention rate has always been 100%. HOME 1-844-INFOSEC