Pen Testing differs from vulnerability scanning. Specifically, the penetration test exploits vulnerabilities identified by vulnerability scans to validate what information is exposed.
- Targeted network surveying
- Port scanning
- Service probing
- Password cracking
- Attempting known exploits
Redhawk Network Security utilizes commercial software, open source software, and custom scripts to perform a comprehensive assessment of the internal and external network. The report identifies and rates vulnerabilities discovered, describes successful exploits, and provides recommendations for remediation.
Penetration tests are valuable for several reasons:
- Determining the feasibility of attack vectors
- Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities
- Identifying vulnerabilities that may be difficult to detect with automated vulnerability scanning
- Assessing the magnitude of potential business and operational impacts of successful attacks
- Testing the ability of incident response to successfully detect and respond to the attacks
- Complying with regulatory guidance that requires annual penetration testing, including FFIEC and PCI guidance
WEB APP PEN TESTING
Comprehensive testing of your organization's web servers and external perimeter devices isolates vulnerabilities associated with web applications. Evasive methods are utilized to test security flaws from an external perspective, providing a real-world test of online applications and security controls.
Redhawk simulates an attack on an application's security controls and highlights risks from exploitable vulnerabilities. Redhawk application penetration testing is built around a manual testing process. Using our methodology, Redhawk can evaluate actual exploitable vulnerabilities within an application. Testing results can be delivered remotely in most cases.
- Input Validation
- Buffer Overflow
- Cross Site Scripting
- URL Manipulation
- SQL Injection
- Hidden Variable Manipulation
- Cookie Modification
- Authentication Bypass
- Code Execution