Network Penetration Testing

Network Penetration Testing (or pen testing) is a complete security test against a network. Our team of white-hat hackers will use industry-standard tools and customized hacking techniques to simulate an attack against the target network and its target systems. This helps uncover hidden vulnerabilities or security concerns that are often overlooked by automated scanning tools. Below are some methods we use during our in-depth network penetration testing process:

• Password cracking (brute force/dictionary)
• HTTP Parameter tampering
• SQL Injection
• Protocol Poisoning
• Buffer overflow
• Session hijacking
• Network service probing
• Packet sniffing

Tanner’s Process

Our hybrid testing process combines the “tried and true” methods with thinking outside the box to find previously unknown vulnerabilities. We recognize the importance of performing the standard, well-known tests, but we also find new and creative ways to test security controls using custom scripts and proprietary attack methods. This is an important part of a penetration test because it simulates the mindset of a hacker and provides superior test results.

Tanner’s Penetration Testing is performed by qualified and experienced security analysts, all of whom have earned industry-standard certifications. All of Tanner’s Information Security Analysts hold at least one of the following certifications:

• Certified Ethical Hacker (CEH)
• Certified Information Systems Security Professional (CISSP)

How often should a penetration test be performed?

While every organization’s needs are different, we generally recommend that penetration testing be performed at least annually in coordination with efforts to meet requirements from compliance standards such as PCI, HIPAA, GLBA, NCUA, etc. These annual tests will help to reveal emerging vulnerabilities or hidden threats that can only be identified through in-depth testing. Penetration tests should also be performed whenever:

• Significant software or hardware modifications are made
• Network infrastructure is re-architected
• IS policies, procedures or processes are modified

Penetration Test Deliverable

After the test is performed, we will deliver an actionable report containing the following information:

• Executive summary
• Testing methodology, including instructions on how to re-create the discovered results
• Detailed explanation of each finding and its associated risk
• Recommendations to address each finding