Top 10 Things to Look for in a Pen Testing Vendor
What to Look For and What to Avoid When Choosing a Pen-testing Vendor or Provider
Testing your perimeter goes without saying, but good penetration testers understand both the value of and the methods behind internal testing. This is testing behind the firewall, in other words authenticated internal network testing. Not only is this a best practice supported by NIST, ISO 27001, PCI and other frameworks, but it is critical for finding the vulnerabilities that a hacker would find once inside your perimeter.
The average hacker dwells in a network for approximately 200 days. Making hacking difficult and eliminating attack vectors improves your chances of surviving a hack. This pushes attackers toward targets where there is low-hanging fruit, and away from you!
Sample Report Excerpt
External Testing – Testing publicly visible or available IP addresses to find and exploit vulnerabilities that may lead to critical access or a data breach.
Internal Testing – Testing behind the firewall, or authenticated into target LAN/WAN segments, in order to test internal/private IP addresses or assets, with the objective of gaining root access or access to critical data.
SSID Testing – WiFi testing of one or more locations and all SSIDs to find vulnerabilities such as bad passwords and outdated encryption/authentication protocols, with the objective of gaining critical access to servers, data and assets.
Internal and SSID Testing
Webcheck engineers offer options for internal and SSID testing, from shipping and installing specially configured boxes in an easy process, to downloading a VM from a secure location. We will consult with you after engagement to discuss your testing preferences and tailor the testing process to your environment.