Penetration testing is a business-critical imperative for any connected application or product: it ensures that vulnerabilities are identified and exploited from the perspective of an adversary. Penetration testing takes vulnerability analysis further by measuring the efficacy of network and endpoint security controls through a sanctioned adversarial exercise, to determine how far an adversary could get if targeting the organization or a connected product.
Regular penetration testing is required for compliance programs such as PCI-DSS, SOC2, and an ISO 27001 information security management system (ISMS), but most importantly, it is necessary for providing a view of threats to the business through the lens of an adversary.
SecReliant is methodical in its approach to consulting engagements, ensuring that all engagements are closely managed by an assigned project manager. Numerous penetration testing frameworks exist, such as the Penetration Testing Execution Standard (PTES), NIST SP 800-15, and the Open Source Security Testing Methodology Manual (OSSTMM), among others.
Once a penetration test engagement begins, SecReliant will first determine the rules of engagement (ROE) and document them in a formal ROE form, signed by both parties, that defines what is in scope and what is out of scope for the engagement. The PTES refers to this as the initiation phase.
The penetration test will start with intelligence collection, where we’ll determine what information from and about the business has been posted on publicly accessible sites and might prove useful in the tactics and techniques used by our testing team in a later phase.
Reconnaissance will then begin, during which our team will footprint the defined in-scope targets of the penetration test. This helps the SecReliant team determine which targets are reachable by our testing team and could then act as potential footholds to pivot from in the exploitation and post-exploitation phases.
After reconnaissance, our team will perform vulnerability analysis, identifying potentially exploitable vulnerabilities in endpoints. This is usually done using vulnerability scanners; high and critical vulnerabilities that allow remote code execution (RCE) or shells are leveraged to get a foothold in the target environment.
Next, exploitation is performed. During exploitation, our team takes the exploitable vulnerabilities and, leveraging RCE or other techniques, establishes a foothold. That foothold then allows the team to pivot to other machines during the post-exploitation phase, where previously determined “crown jewels” data or other evidence is collected from endpoints for later reporting.
Once all of these phases are completed in their entirety, the reporting phase begins: time is spent culling all of the collected artifacts, vulnerabilities, and other findings from the penetration test. A preliminary report is sent for your review. Upon approval, it is considered the final report.
The following types of penetration tests are offered by SecReliant:
- Application penetration test
- Static and dynamic code analysis
- Product penetration testing
- External and internal network penetration testing