
PENETRATION TESTING
Penetration testing differs from vulnerability scanning. Specifically, a penetration test exploits the vulnerabilities identified by vulnerability scans to validate what information is exposed. Testing includes:
Targeted network surveying
Port scanning
Service probing
Password cracking
Attempting known exploits
Redhawk Network Security utilizes commercial software, open source software, and custom scripts to perform a comprehensive assessment of the internal and external network. The report identifies and rates vulnerabilities discovered, describes successful exploits, and provides recommendations for remediation.
Penetration tests are valuable for several reasons:
Determining the feasibility of attack vectors
Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities
Identifying vulnerabilities that may be difficult to detect with automated vulnerability scanning
Assessing the magnitude of potential business and operational impacts of successful attacks
Testing the ability of incident response to successfully detect and respond to the attacks
Complying with regulatory guidance that requires annual penetration testing, including FFIEC and PCI guidance
WEB APP PEN TESTING
Comprehensive testing of your organization's web servers and external perimeter devices isolates vulnerabilities associated with web applications. Evasive methods are used to test for security flaws from an external perspective, providing a real-world test of online applications and security controls.
Redhawk simulates an attack on an application's security controls and highlights risks from exploitable vulnerabilities. Redhawk application penetration testing is built around a manual testing process. Using our methodology, Redhawk can evaluate actual exploitable vulnerabilities within an application. Testing results can be delivered remotely in most cases.
Testing Features
Input Validation
Buffer Overflow
Cross Site Scripting
URL Manipulation
SQL Injection
Hidden Variable Manipulation
Cookie Modification
Authentication Bypass
Code Execution