Top 10 Things to Look for in a Pen Testing Vendor
What to Look For and What to Avoid When Choosing a Pen-Testing Vendor or Provider
All external testing follows the NIST SP 800-115, OWASP, and OSSTMM methodologies and is performed by highly experienced testers who hold OSCP and other certifications. These methodologies are treated as a baseline: our engineers have developed many additional methods over time, which they also apply.
Unlike many automated pen test and scanning platforms, our engineers use multiple tools and methods, exploiting findings and monitoring results manually, and validating results to eliminate false positives. The report deliverable includes valuable remediation advisory.
Sample Report Excerpt
External Testing – Testing publicly visible or reachable IP addresses to find and exploit vulnerabilities that could lead to critical access or a data breach.
Internal Testing – Testing from behind the firewall, or authenticated into the target LAN/WAN segments, against internal/private IP addresses or assets, with the objective of gaining root access or access to critical data.
SSID Testing – Wi-Fi testing of one or more locations and all SSIDs to find vulnerabilities such as weak passwords and outdated encryption or authentication protocols, with the objective of gaining critical access to servers, data, and assets.