VioPoint

TEST

Quantifying risk is a critical factor within an effective information security program. Stepping through real-world security incidents can help you quantify the impact that events may have on your business. Our testing services include the most widely recognized and critical simulations that produce business-relevant consequences. These offerings include web application penetration testing, network-based penetration testing, client-side attacks, and social engineering. Determining your exposures in these areas will support management decisions on how best to manage risk on a go-forward basis.

Web Application Penetration Testing

Internet-facing web applications provide convenient access to critical data that is required to conduct business with partners, customers and employees. Despite the conveniences they afford, internet-facing applications can represent one of the weakest links in your security posture. These applications often contain vulnerabilities that cannot be addressed with traditional countermeasures such as scanners, firewalls, intrusion detection systems, and anti-virus mechanisms. Because your internet-facing applications may expose highly confidential data, understanding the vulnerabilities that exist is an integral part of any best-practice software development program. VIOPOINT leverages highly experienced staff to uncover application vulnerabilities in your environment. We work with an industry-leading web application pen-testing provider, Hacktics (www.hacktics.com), to identify gaps in your web application infrastructure and educate your security staff on how critical these risks can be to your business.

We have an outstanding track record in exposing and exploiting critical vulnerabilities, which ultimately helps to reduce the risks of even the most secure and confidential web application architectures.

Network and Client-Side Penetration Testing

The dynamic nature of network threats requires a specialized approach to identify and mitigate these exposures. Our unique approach to network-based penetration testing includes additional testing for the most widely exploited client-side vulnerabilities using a hybrid social-engineering and phishing-based methodology. VIOPOINT performs its network and client-side penetration tests using a combination of open source tools and Core Impact (www.coresecurity.com), which is recognized as the industry’s leading pen-testing tool. We use Core Impact to test traditional host and system level exploits, but we also use it to launch email-based attacks on end users. This additional step evaluates client-side security in your organization by measuring the effectiveness of anti-spam, anti-virus, patching and end-user awareness all within one testing service. The results can be used to make focused decisions on how best to manage risk in these areas.

Social Engineering

Malicious users often gain unauthorized physical or logical access to an organization by tricking end-users into providing them with confidential information. For this reason, regular testing of end-user awareness is critical to ensuring that policies and procedures are being disseminated, read, and most importantly, understood by all employees. Our approach includes performing reconnaissance of your organization by using publicly available repositories and then testing whether targeted end-users will provide confidential data to our testers using various guises and scenarios that mimic real-world social engineering attacks. The results will help you determine if end-users are leaking sensitive data without validating the identity of outside entities, or if they are truly helping to police the organization and adhering to the proper policies and procedures.