Penetration Testing

Expose Your Weaknesses Before Real Hackers Do

A penetration test, also known as a pen test, Pentest, or ethical hacking, is an authorized simulated cyber attack on a computer system, performed to evaluate the security of the system.

Six reasons to have a Penetration Test:

1. Expose Your Weaknesses Before Real Hackers Do
2. Reveal Areas of Security You Need to Invest In
3. Provides an Outsider Perspective on Your Security
4. It Will Save You Money.
5. It Simulates a Real Attack Scenario
6. Required for Compliance or reporting requirements with various standards NIST, SOC2, HIPAA, GDPR

ESX can provide quote for a comprehensive Pentest that will meet compliance requirements

Proposals usually involve:

1.   Internal Network Penetration Test
2.   External Network Penetration Test
3.   Website / Web Applications
4.   Deliverables
• Comprehensive full report and executive summary
• Details of each finding – including tools/scripts/methodology used to discover vulnerability and risks, as well as      guidance to remediate
• Recommendations for security initiatives the client should make in the next 30/60/90 days

Frequently Asked Questions

Why do a Penetration Test?
The summarized results of a penetration test are essential for understanding and assessing the current security level of your IT systems. The results can provide your company with insightful information about identified security gaps, and their actual and potential impact on the system’s functioning and performance. An experienced penetration tester will also present you with a list of recommendations for their timely remediation as well as help you develop a reliable information security system and prioritize your future cybersecurity investments.

How is penetration testing done?
Penetration testing helps to identify vulnerabilities within a network and/or IT ecosystem. This means there is a distinct difference between penetration testing and performing a vulnerability assessment. A penetration test involves methods used to perform legal exploits on a network to prove that security issues do or do not exist.

What are the different types of Penetration Tests?
External network penetration test. An external network penetration test is typically what most people think of when talking about pen-testing.

• Internal network penetration test
• External Pentest
• Web application penetration test
• Social Engineering

Internal Penetration Test – details
Use port/vulnerability scans to identify risks on your network, then use various tools & techniques of a hacker to leverage risks for a negative impact.
Goals of a penetration test can include:

• Accessing sensitive/secret company data
• Cracking user passwords
• Planting backdoors
• Exfiltrating data out of the network

External Penetration Test – details
Similar to an internal Penetration Test, only the focus will be your external-facing endpoints such as mail servers, VPN portals, and firewalls, including reviewing what your company looks like from an external perspective asking questions such as:

• What can an attacker learn about your company’s physical locations?
• What sensitive information might your employees be posting on Twitter and Facebook?
• What can we learn about your company’s network simply by analyzing files on your public website?
• What can a hacker find (i.e. usernames/passwords for your employees on the Dark Web)?

Website/web app penetration test
Examine vulnerabilities within a web application – things like SQL injection, cross-site scripting, authentication issues, and more. Use a combination of manual tools and techniques – while following the (OWASP methodology) for these types of tests.

Customers

Over 3000 Happy Customers

Talk to one of our experts.

Sales Hours

M-F: 7am - 6pm (CST)

Call Us

952-943-0900

Address

7160 Shady Oak Rd
Eden Prairie, MN 55344