INDENTIFY YOUR RISKS IN REAL-TIME WITH PENETRATION TESTING
Test Your Defenses. See what a hacker sees on your network before they do.
When performing a pen test, we essentially become a hacker on a company’s network. We look for sensitive data, perform exploits, conduct man-in-the-middle attacks, crack password hashes, escalate privileges on the network, and even impersonate users to find sensitive data. We go beyond identifying vulnerabilities by actually exploiting them to demonstrate what happens if an attacker got access to the network.
Let's get started!
WE PARTNER WITH YOU TO
REACH YOUR SECURITY GOALS
At Devfuzion, we specialize in penetration testing. Our engineers have industry-recognized certifications and a wealth of experience performing penetration tests for Fortune 500 companies, small start-ups, and everything in between.
TYPES OF PENETRATION TESTS WE OFFER
A penetration test can take many forms but ultimately emulates an attacker trying to gain unauthorized access to sensitive information. Our assessments are built to holistically evaluate your organization against specific threat vectors, emulating techniques currently used by attackers.
An external penetration test emulates an attacker trying to break into your network from the outside. The goal of the engineer performing this assessment is to breach the perimeter and prove they have internal network access. This test includes:
- Open source reconnaissance against the organization
- Full port scan covering all TCP ports and the top 1,000 UDP ports of the targets in scope
- Full vulnerability scan of the targets
- Manual and automated exploit attempts
- Password attacks
An internal penetration test emulates an attacker on the inside of your network. This could be either an attacker who is successful in breaching the perimeter through another method or a malicious insider. The goal of the engineer in this module is to gain root and/or domain administrator level access on the network, and gain access to sensitive files. Activities include:
- Active and Passive network reconnaissance including traffic sniffing, port scanning, LDAP enumeration, SMB enumeration, etc.
- Vulnerability scan on all in-scope targets
- Spoofing attacks such as ARP cache poisoning, LLMNR/NBNS spoofing, etc.
- Manual and automated exploit attempts
- Shared resource enumeration
- Password attacks
- Pivoting attacks
A wireless penetration test is a comprehensive evaluation of the wireless networks in your organization using automated and manual methods. Areas covered include:
- Password attacks
- WEP/WPA cracking
- Guest wireless segmentation checks
- Traffic sniffing attacks
- SSID spoofing
- Rogue access point discovery
A web application penetration test is an in-depth penetration test on both the unauthenticated and authenticated portions of your website. The engineer will test for all of the OWASP Top-10 critical security flaws, as well as a variety of other potential vulnerabilities based on security best practice. Activities include:
- Website mapping techniques such as spidering
- Directory enumeration
- Automated and manual tests for injection flaws on all input fields
- Directory traversal testing
- Malicious file upload and remote code execution
- Password attacks and testing for vulnerabilities in the authentication mechanisms
- Session attacks, including hijacking, fixation, and spoofing attempts
- Other tests depending on specific site content and languages
This assessment is designed to target and take advantage of the human-element to gain access to your network. This is done using a variety of methods to get an employee to click on something they shouldn’t, enter their credentials or otherwise provide them when they shouldn’t, or divulge information that may assist an attacker in breaching your network. The goal for the engineer performing this assessment is to gain information that may assist an attacker in future attacks, gather credentials, or gain a foothold on the internal network. This assessment will include:
- Phone-based attacks
- Spear phishing attacks
- Bulk phishing attacks
A physical penetration test is an assessment of the physical security of your premises. Our engineers will attempt to gain access to your facility by identifying weaknesses and/or using social engineering. Once inside, our engineers will attempt to gather sensitive information, gain access to sensitive areas such as the data center, and attempt to gain internal network access.
Vulnerability scanning is a regular, automated process that identifies the potential points of compromise on a network. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. Our engineers will conduct this scan for you and use our expertise to remove false positives and produce a risk-prioritized report.
Developing a secure IoT solution depends on a number of security considerations. This assessment will evaluate the IoT device and its associated infrastructure against common attacks. It can include an evaluation of the edge device, the gateway, the cloud infrastructure, and/or any mobile applications. Our engineers will evaluate your IoT Device utilizing the OWASP IoT Framework Assessment methodology.