What is a Penetration Test?

A Penetration Test is a comprehensive test of a company’s security posture emulating the methods and attacks a malicious party would attempt against an organization.

The intended purpose is to test the security controls of an organization in a “real world” scenario. Vulnerabilities are identified and evaluated in an organization using industry standard methodology and practices. The Penetration Test goes further, attempting to exploit those vulnerabilities and expose risk to an organization.

The scope and areas evaluated are varied and can cover a range of topics. DFDR’s team are experts in multiple industries. Major types of engagement:

  • External Security Perimeter
  • Internal Security Controls
  • Web Applications
  • Wireless
  • Social Engineering
  • Physical Perimeter and Controls

Why perform a Penetration Test?

Many industries and audit standards now require periodic penetration tests to be performed, typically annually. PCI and HIPAA, in particular, require this type of testing to be performed periodically. The landscape for organizations and their information assets is changing quickly. With the significant rise in breaches, exposures and attacks, testing and performing gap analysis on your security controls is more important than ever.
Many organizations commit significant resources to their security posture, yet never test their controls for efficacy. A Penetration Test performs that analysis for you.

What goes into a Penetration Test?

There are many vital components to a penetration test. Depending on the agreed-upon scope of work, the following components are part of a full solution:

  • Threat Modeling
  • Public and Open Source Information Gathering
  • Active Information Gathering
  • Active Intrusion
  • Post-Exploitation
  • Reporting

A rigorous review of the environment is delivered to the client as a custom report detailing the vulnerabilities and risk exposure present. Along with this, the efficacy of controls, remediation steps and gaps in security posture are evaluated in collaboration with the client.

The key difference between this type of engagement and a vulnerability assessment is that vulnerabilities and risk are attacked, exposed and meaningfully evaluated in a “live fire” exercise.
Along with the fully customized and easily understood report, the client is supplied raw data and generated reports that not only validate the identified issues but also supply the client with actionable intelligence and information. We work with the client to determine appropriate steps, management of the risks and the impact they have on an organization.

The key to any successful engagement is the reporting of the data, strong guidance and a deliverable which is easily understood by all parties and decision makers in an organization. Implementing changes or acting upon the risks and vulnerabilities discovered during the test is critical. DFDR’s role in the process is delivering a report with recommendations by evaluating the data gathered in a sound, logical, and appropriate manner.

DFDR’s Information Security team has extensive experience in Penetration Testing along with numerous industry accreditations, certifications, and awards.

HEADQUARTERS

690 Sugartown Rd.
Malvern, PA
Suite WH-201
United States

PHILADELPHIA OFFICE

1845 Walnut St.
Philadelphia, PA
Suite 1600
United States