Network Penetration Testing

Network Penetration Testing

Network Penetration Testing (or pen test) is a complete unrestrained test or evaluation of a network’s security. Our team of white hat hackers will use the latest software and the best methods to try to break into the network and its target systems. This helps uncover any hidden vulnerabilities or security concerns that have not been addressed or are lurking in the shadows. Below are some methods we use during our in depth network penetration testing process:

• Password cracking (brute force/dictionary)
• HTTP Parameter tampering
• SQL Injection
• Directory traversal
• Buffer overflow
• Web session hijacking
• In-depth network service probing
• Packet sniffing

Tanner’s Process

Our testing process strikes the perfect balance between following the “tried and true” methods and thinking outside the box. We recognize the importance of performing the standard well-known tests, but we also take the time to find new and creative ways to test security controls using custom scripts and proprietary attack methods. This is an important part of a Penetration Test, because it simulates the actual mindset of a hacker, and our experience shows that it pays dividends during testing.
Tanner’s Penetration Tests are performed by qualified and experienced security analysts, all of whom have received industry recognizable certifications to effectively work in a clients’ environment. All of our Information Security Analysts hold at least one of the following certifications:

• Certified Ethical Hacker (CEH)
• Certified Information Systems Security Professional (CISSP)

How often should a penetration test be performed?

While every organization’s needs are different, we generally recommend that penetration testing be performed at least annually in coordination with efforts to meet requirements from compliance standards such as PCI, HIPAA, GLBA, NCUA etc. These annual tests will help to reveal emerging vulnerabilities or hidden threats that can only be identified through in-depth testing. Penetration tests should also be performed whenever:

• Significant software or hardware modifications
• Re-architecting network infrastructure
• IS policies, procedures or processes are modified

Penetration Test Deliverable

After the test is performed, we will deliver an actionable report containing the following information:

• Executive summary
• Testing process and methodology, including instructions on how to re-create the discovered results
• Detailed explanation of each finding, and its associated risk
• Recommendations to address each finding