BrandCrock – Penetration Testing
Penetration Testing Execution Standard
OWASP Testing Guide
Open Source Security Testing Methodology Manual
Information Systems Security Assessment Framework
Web Application Hacker's Methodology
SANS 25 Security Threats
Our best-practices methodology has been fine-tuned over decades through thousands of
hours of experience.
Information Gathering - Scoping & pre-assessment - Pre-engagement interaction
Define Vulnerability - Vulnerability Assessment - Threat Modeling
Exploitation of vulnerabilities - Gain Remote Access - Execute Attack Vector
Compromise Web Server
Report with Remediation Plan
Retesting all Vulnerabilities - Final Reporting
BrandCrock Penetration Testing Covered
Penetration testing methods we apply
Security Testing Benefits
Business Risks Mitigated
Loss of clients' trust
Full web applications compromise
Admin accounts compromise
User accounts compromise
Full infrastructure compromise
Reasons to Test
As you conduct regular vulnerability scans, hackers are doing the same thing: scanning your network, trying to find the weak points where they can break in. The difference is, hackers won’t stop when they find a vulnerability; they’ll attack. This is where penetration testing comes in.
1. Hackers are continuously exploiting new bugs
often at a faster rate than security teams can keep up.
2. Penetration testing provides an independent assessment of your security
3. A penetration test may find holes in your security before a hacker does
before a hacker has a chance to exploit them.
4. Prioritize your security budget
5. Help you prepare for a potential breach
response plan in the event of a breach.
6. Penetration testing may be a regulatory requirement
for PCI DSS and several other industry regulations.
When You Need Penetration Testing
At the very least, a penetration test should be performed on an annual basis. In some cases, a quarterly or even monthly penetration test may be what a company needs.
A vulnerability assessment allows you to prepare for a penetration test, and a penetration test allows you to prove you’re acting on any vulnerabilities, so it’s critical that a vulnerability assessment is performed (and identified vulnerabilities remediated) before any penetration testing is initiated.
A special-case penetration test may be needed as well for the following:
- New network infrastructure or applications are added to your environment
- Upgrades or modifications are made to either your infrastructure or applications
- Office locations are added to the company’s organization or are heavily modified
- Company procedures or policies are revised or established
- Regularly scheduled analysis and assessments are required by regulatory mandates.
- New network infrastructure or applications were added.
- Significant upgrades or modifications to infrastructure or applications were made.
- End-user policies were modified.
- Corporate IT was significantly changed.
Additionally, penetration tests are required by regulations such as GDPR and PCI-DSS. Most penetration testers should be able to review and recommend best practices for a company’s specific needs.
Pricing for Test
We shape the final price based on the number of targets and the required testing methods. We will be pleased to provide an estimate for your project.
Cost also depends on whether you want penetration testing to be a one-time thing, an ongoing service, or an engagement that re-tests systems after you make the necessary changes to safeguard your operations and your network.
Complex systems with extensive data will take more time to test. The number of connected devices, access points, physical locations, networks, IP addresses, and various security layers will all play a role in determining a fair price.
The cost of a penetration test is determined by the:
- Number of IP addresses and URLs
- Size and complexity of the IT infrastructure
- Number of physical locations and data centers
- Network segmentation
- Timing of the service.