∙ COMPLIANCE STANDARDS ∙
   SERVICES
Compliance and Security Services
  Incident Response
Forensics
Pen Tests
Compliance Assessments
Vulnerability
Assessments


Security Associates Corp™
5218 Keller Ridge Rd.
Clayton, CA 94517
(925)672-2008
HOME SERVICES Compliance and Security Services
Pen Test

A penetration test is an audit of a production network environment in which a someone possessing private access to the tools that crackers typically use in an assault on a production network, utilize those tools in a proactive approach to assess the current state of security on a target network. These tools are used in a zero-knowledge assault where the hackers or Tiger Team in some cases are not given any sensitive information about the target accept the company name, otherwise known as a zero-knowledge penetration test. The Tiger Team would do low-level analysis of all services running on a particular set of hosts or servers, identify their versions, and attempt to exploit vulnerabilities that would provide further unauthorized access to the network.
Where applicable to a project, the Network Security Penetration Test may include, but is not limited to, all or part of the methodology, activities, and procedures listed below. Heavy penetration testing generally includes the following list of vulnerability checks in addition to all of the items in the light package.
  1. Windows-based Trojans
  2. Unix-based Trojans
  3. Distributed Denial of Service Attacks (DDoS)
  4. Trivial Denial of Service Attacks (DoS)
  5. Password Grinding
  6. Brute-Force Attacks
  7. HTTPD Vulnerabilities
  8. SMTP/POP3 Vulnerabilities
  9. Buffer Overflow Attacks
  10. Database/Data manipulation
  11. Physical Security Testing
  12. Social Engineering Tactics
  13. War Dialing (optional, would require extra day(s) of service)
  14. Evaluation of Application Source Code
  15. Firewalking (Evaluation of Firewall/Access Control Rulesets)
  16. Finger Abuses
  17. FTP Vulnerabilities
  18. Remote Root Shell Attempts
  19. Remote Shell Attempts

Security Associates Corp™ Penetration Testing services uncover weaknesses in your organization's external information security defenses and validate the ability of your organization to detect and halt an attack. When our testing is complete, Security Associates explains how we compromised your environment, and along with providing you remediation steps to mitigate risks form future attacks.

  • Blind Internet Penetration Test – With basic information such as your organization's name, our penetration team documents the entire process that might be taken in an attempt to compromise a site without performing intrusive testing. Our deliverable contains screen captures and timelines from network profiling to attack completion.
  • Targeted Penetration Test – Using multiple commercial and open source hacking tools in conjunction with information that would be available to an intruder, our consultants will ethically probe your systems from the Internet or onsite at your location. This service tests the hardiness of specific targets to determine their ability to withstand internal and external compromise.


   © 2011       Copyright Security Associates Corp™
HOME | CONTACT US | TOP