Network Penetration Testing
Network Penetration Testing (or pen testing) is a complete security risk assessment of a computer network. We employ industry-standard application scanner tools coupled with customized hacking techniques to simulate attacks against target networks and network systems.
Our methods help us uncover hidden vulnerabilities or security concerns that are often overlooked by automated scanning tools. Below are some of the methods we use as part of the testing process:
- Password Cracking (Brute Force/Dictionary)
- HTTP Parameter Tampering
- SQL Injection
- Protocol Poisoning
- Buffer Overflow
- Session Hijacking
- Network Service Probing
- Packet Sniffing
Our hybrid testing process combines tried and true methods with “outside the box” solutions to find hidden or previously unknown vulnerabilities. We recognize and implement all standard testing methods, and we understand that hackers constantly find new and creative ways to hack in.
We test our security controls using custom scripts and proprietary attack methods. This is an important part of the network penetration testing process, because it simulates the mindset of a real hacker and provides more realistic test results.
Tanner’s penetration tests are performed by qualified, experienced security analysts, all of whom have earned industry-standard certifications. All our Information Security Analysts hold at least one of the following certifications:
- Certified Ethical Hacker (CEH)
- Certified Information Systems Security Professional (CISSP)
How Often Should a Penetration Test Be Performed?
While every organization’s needs are different, we generally recommend annual penetration testing to meet the requirements of various compliance standards. These annual tests will reveal any emerging vulnerabilities or hidden threats that could only be identified with thorough, regular, in-depth testing.
Penetration tests should also be performed whenever your network experiences:
- Significant software or hardware modifications
- Re-architecting of the network infrastructure
- Modification of IS policies, procedures, or processes
Penetration Test Deliverable
After each test is performed, we deliver an actionable report containing the following information:
- Executive Summary
- Testing Methodology
- Instructions on Recreating Test Results
- Detailed Explanation Findings and Associated Risks
- Recommendations for how to address each finding