Pen Testing differs from vulnerability scanning. Specifically, the penetration test exploits vulnerabilities identified by vulnerability scans to validate what information is exposed.
Targeted network surveying
Attempting known exploits
Redhawk Network Security utilizes commercial software, open source software, and custom scripts to perform a comprehensive assessment of the internal and external network. The report identifies and rates vulnerabilities discovered, describes successful exploits, and provides recommendations for remediation.
Penetration tests are valuable for several reasons:
Determining the feasibility of attack vectors
Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities
Identifying vulnerabilities that may be difficult to detect with automated vulnerability scanning
Assessing the magnitude of potential business and operational impacts of successful attacks
Testing the ability of incident response to successfully detect and respond to the attacks
Compliance with regulatory guidance requiring annual penetration testing including FFIEC and PCI guidance.
WEB APP PEN TESTING
Comprehensive testing of your organization's web servers and external perimeter devices isolate vulnerabilities associated with web applications. Evasive methods are utilized to test security flaws from an external perspective, providing a real world test of online applications and security controls.
Redhawk simulates an attack on an application's security controls and highlights risks from exploitable vulnerabilities. Redhawk application penetration testing is built around a manual testing process. Using our methodology, Redhawk can evaluate actual exploitable vulnerabilities within an application. Testing results can be delivered remotely in most cases.
Cross Site Scripting
Hidden Variable Manipulation