Penetration Testing

How does your organization look to an attacker?

Penetration Testing is the process of planning, executing, and assessing the results of an authorized attack upon an organization. Penetration testing (also called "pen-testing") gives you specific information on how the organization detects and responds to attack, a critical part of your organization's defense capability.

Interhack's Penetration Testing service is delivered in a seven-stage process outlined in the Penetration Testing Execution Standard.

  1. Scoping and Authorization establish how broadly and deeply the attack should be directed, and ensure that we have authorization to conduct the attack;
  2. Intelligence gathering is the phase where we collect information about the targets, allowing us to begin planning;
  3. Threat Modeling looks at what actions and actors can target your organization, and specifically which assets in your organization are best targeted;
  4. Vulnerability Analysis brings in real-time information about your organization's defenses and weaknesses;
  5. Exploitation is where we attempt to use the vulnerabilities to compromise the organization consistent with our rules of engagement;
  6. Post-exploitation is the phase following our success in exploiting the identified vulnerabilities. We maintain control of the environment and typically perform a reassessment of our rules of engagement to avoid creating a real-world exposure to the client; and
  7. Reporting in the form of a report with both an Executive Summary suitable for executive leadership and complete statement of methodology, results, and discussion for staff to take action.

Interhack conducts penetration testing operations with teams of experts in software, networking, and operations. Interhack's experts have authored books and formal literature on vulnerabilities and countermeasures. Our Penetration Testing service is part of our system of Cybersecurity services, able to incorporate results of Network Traffic Assessment, Vulnerability Assessment, and Application Security Evaluation. Results may be in turn used in a higher-level deliverable, the Information Security Program Assessment.

Tell us about your concerns and expectations, we can show you how our expertise can best help you be assured of your organization's security.