Internal and External Penetration Testing

A penetration test does not simply identify vulnerabilities – it actively exploits them to prove attack vectors against your security infrastructure. The goal of each of our penetration tests is to determine the real-world effectiveness of the security measures in place.

Through penetration testing, our team attempts to gain access to your physical or logical infrastructure through black box, gray box or white box access methods.

White Box

Before a white box test, our team is given complete or strong knowledge of your security. This allows us to imitate an “inside job” and give you recommendations to protect against an internal threat.

Gray Box

In a gray box assessment, our team begins with a limited amount of information about your security. This scenario lets us determine weaknesses within your applications.

Black Box

In a black box scenario, our team begins with little or no knowledge of your security environment. This type of testing simulates the methods of an external hacker.

Our security experts will work with your team to determine the appropriate penetration testing scenario for your security environment. 

The Value of a Penetration Test

Internal and external penetration tests give you a holistic perspective of your organization’s security infrastructure. Focal Point's team of experts has a large arsenal of penetration methods to identify and exploit every possible weakness, and our deliverables will give you a strategy to remediate these vulnerabilities.

  • Delivers recommendations needed to mitigate risks and reduce the likelihood of successful attacks
  • Leverages human expertise to find vulnerabilities not uncovered by automatic tools
  • Identifies high-risk vulnerabilities that result from a combination of low-risk vulnerabilities
  • Provides insight into the business impact of a successful attack
  • Provides evidence to executives of the need to invest in security infrastructure
  • Meets compliance mandates, such as the Payment Card Industry Data Security Standard (PCI DSS)

Penetration Testing Methodology

Prior to beginning penetration testing, our team establishes a Rules of Engagement (RoE) document with the client, designed to scope the testing and minimize disruptions to production systems and networks. Our assessments combine the industry’s top automated tools with manual testing from Focal Point penetration testing experts, resulting in a comprehensive, real-world assessment that provides real visibility into your security.

During the course of the assessment, Focal Point will test for vulnerabilities from the following OWASP Top 10 categories:

  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control
  • Security Misconfiguration
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging and Monitoring

Following a Focal Point penetration test, you will receive a set of deliverables designed to provide your team with all the information it needs to begin remediating security issues and prioritizing future projects. Our security experts will also hold thorough knowledge transfer sessions with your IT team to provide them with repeatable techniques for ongoing in-house assessments of your infrastructure. In addition, you will receive:

  • A full description of all uncovered vulnerabilities and their corresponding risk rating
  • A gap analysis aligning security issues uncovered to best practices
  • Positive security controls identified
  • Descriptions of successful penetrations and general methodologies employed
  • Recommended changes to immediately reduce risk to internal and external networks
  • An executive summary report