Penetration testing is designed to assess your security before an attacker does. It goes beyond identifying vulnerabilities: it uses real-world attack scenarios to validate the efficacy of defensive mechanisms and adherence to security policies. Our pen test professionals are highly experienced. Using manual or automated technologies, they systematically attempt to exploit vulnerabilities within servers, endpoints, web applications, wireless networks, network devices, mobile devices, and other potential points of exposure in infrastructure, applications, people and processes.
Through active exploitation, e-InnoSec can provide strategic guidance on risk (vulnerability, impact, and likelihood) and tailor advice on countermeasures. e-InnoSec's pen test and application security consultants hold CISSP qualifications, and many also hold CISA and CISM accreditations.
Our services include:
- Internal Pen Testing
- External Pen Testing
- Black Box Testing
- Grey Box Testing
- White Box Testing
Our Engagement Approach:
- Pre-Engagement Stages
- Technical Testing Phase
- Reporting Phase
- Resolution and Retesting
Our simplified approach in conducting a pen test:
- Information gathering: Understand customer requirements and the goals of the pen test, and decide where to stop while performing penetration testing.
- Recon: Identify resources within scope to test and conduct discovery of open ports, services, and web apps.
- Threat modeling: Identify the attack surface and the vulnerabilities worth exploiting. This includes a collection of scans on the target to determine how its security systems will counter multiple breach attempts. The discovery of vulnerabilities, open ports, and other areas of weakness within a network's infrastructure can dictate how pen testers will continue with the planned attack.
- Exploitation: Identify vulnerabilities to exploit and develop proof-of-concept attacks within scope, which can range from simulated to extremely aggressive. The attackers gain access by leveraging common web application attacks such as SQL Injection and Cross-Site Scripting to exploit any present vulnerabilities.
- Post-Exploitation: Get evidence, generate reports, and rank vulnerabilities.