A penetration test does not simply identify vulnerabilities – it actively exploits them to prove attack vectors against your security infrastructure. The goal of each of our penetration tests is to determine the real-world effectiveness of the security measures in place.
Through penetration testing, our team attempts to gain access to your physical or logical infrastructure through black box, gray box or white box access methods.
Before a white box test, our team is given complete or strong knowledge of your security. This allows us to imitate an “inside job” and give you recommendations to protect against an internal threat.
In a gray box assessment, our team begins a limited amount of information about your security. This scenario lets us determine weaknesses within your applications.
In a black box scenario, our team begins with little or no knowledge of your security environment. This type of testing simulates the methods of an external hacker.
Our security experts will work with your team to determine the appropriate penetration testing scenario for your security environment.
Internal and external penetration tests give you a holistic perspective of your organization’s security infrastructure. Focal Point's team of experts have a large arsenal of penetration methods to identify and exploit every possible weakness and our deliverables will give you a strategy to remediate these vulnerabilities.
Prior to beginning penetration testing, our team establishes a Rules of Engagement (RoE) document with the client, designed to scope the testing and minimize disruptions to production systems and networks. Our assessments combine the industry’s top automated tools with manual testing from Focal Point penetration testing experts, resulting in a comprehensive, real-world assessment that provides real visibility into your security.
During the course of the assessment, Focal Point will test for vulnerabilities from the following OWASP Top 10 categories:
Following a Focal Point penetration test, you will receive a set of deliverables designed to provide your team with all the information it needs to begin remediating security issues and prioritizing future projects. Our security experts will also hold thorough knowledge transfer sessions with your IT team to provide them with repeatable techniques for ongoing in-house assessments of your infrastructure. In addition, you will also receive: