Penetration Testing

Program

By working with Sedara on Information Security Testing and Assessment, often referred to as Penetration Testing, your organization will have the benefit of an experienced and dedicated cybersecurity team to help accomplish compliance and security goals with risk reduction.

Information security assessment and testing is the process of determining how effectively an entity being assessed meets specific security objectives by comparing actual and expected behaviors. Execution of testing and examination must support the technical process.

  • Based on industry-accepted approaches
  • Coverage of defined critical systems
  • Includes external and internal testing
  • Application-layer testing
  • Network-layer tests for network and OS

Methodology

Sedara’s cybersecurity program development services can be customized to fit your company’s individual needs, budget, and timeline, and may include:

Testing should attempt to exploit three attack surfaces (External, Internal, and Web) with the following objectives:

  • Testing should be appropriate for the complexity and size of the organization
  • Should include all cardholder data locations, critical network connections, and applications storing, processing, or transmitting cardholder data and/or sensitive authentication data
  • Attempt to penetrate at network level and application level
  • Safely and effectively execute a technical information security assessment using the presented methods and techniques, and respond to any incidents that may occur during the assessment
  • Appropriately handle technical data (collection, storage, transmission, and destruction) throughout the assessment process
  • Sedara uses an industry-accepted penetration testing approach derived from industry best practices such as, but not limited to, NIST SP 800-115, OWASP, and OSSTMM

External Vulnerability Assessment

Assesses the security of a network from outside the network to gain unauthorized internal access to the network

  • Obtain private data, performing reviews & tracking changes
  • Exploit discovered vulnerabilities, or gain any form of unauthorized access to systems

Internal Vulnerability Assessment

Assesses the security of a network from inside the network to gain unauthorized internal access to the network

  • Identify if the customer has any specific goals
  • Obtain private data, performing reviews & tracking changes
  • Exploit discovered vulnerabilities, or gain any form of unauthorized access to systems
  • Confirm that subnet-to-subnet activity is as intended
  • Non-domain user and domain user network reconnaissance
  • Attempt to get access to a restricted domain user account
  • Confirm that the restricted domain account has the intended rights
  • Attempt to escalate privileges to the highest possible role
  • Complete network recon with the highest-permission account
  • Document any additional security concerns

Contact Sedara to discuss a penetration test for your organization.