Manual vs. Automated Penetration Testing: What You Need to Know
External Penetration Testing
All external testing follows the NIST 800-115, OWASP, and OSSTMM methodologies and is performed by highly experienced testers who hold OSCP and other certifications. These methodologies are considered a baseline; our engineers have developed many other methods over time, which they will also employ.
Unlike many automated pen test and scanning platforms, our engineers will use multiple tools and methods, exploiting and monitoring results manually as well as validating false positives. The report deliverable will include valuable remediation advice.
At-a-Glance Definitions:
- External Testing – Testing publicly visible or available IP addresses to find and exploit vulnerabilities which may lead to critical access or a data breach
- Internal Testing – Testing behind the firewall or authenticated into target LAN/WAN segments in order to test internal/private IP addresses or assets, with the objective of gaining root access or access to critical data
- SSID Testing – WiFi testing of one or more locations and all SSIDs to find vulnerabilities such as bad passwords and outdated encryption/authentication protocols, with the objective of gaining critical access to servers, data, and assets