Penetration Tests

This assessment includes everything you would get in a Vulnerability Assessment with code execution while also:

  • Identifying the real impact of a vulnerability on your organization based on business context
    • A “Browseable Web Directory” issue might seem low risk to a vuln scan but if the data in the directory happens to contain a script with hard-coded credentials, that could potentially provide an adversary remote access.
  • Demonstrating the full impact of a potential breach, including multi-step attack paths1
    • Unauthorized access to your company WordPress is bad enough, but can attackers escalate privileges and pivot deeper inside your network using the website as a “beachhead” or pivot point?
  • Assessing how well your organization’s policies and procedures hold up to a concentrated attack
    • How well do your password policies (complexity, storage, etc) hold up in practice?
    • What about network segmentations for zones such as PCI or a DMZ?
    • Or IT response procedures to phishing campaigns?
  • Testing and providing recommendations for improving your security posture against tactics, techniques, and procedures (TTPs) not found on a vulnerability assessment
    • Many “manual” areas of attack are missed on a VA such as social engineering, post-exploitation activities such as lateral and vertical movements, to name but a few.

This assessment also contains some aspects of a Web Application Assessment if web applications are found in scope. Please note that it does not replace a full comprehensive Web Application Assessment, being more focused on quick exploitation than fully testing the web application. This is particularly true for issues that arise from inadequate role separations as this type of testing is simply not done during a network pentest.

For details, see our methodology. Or get a quote.

Do I need a Pen-Test or a Vuln Assessment?

While more affordable, a vulnerability scan may not be enough to adequately assess your organization’s level of risk. A pentest is our most general assessment type, containing all the value of a vulnerability assessment while digging a bit deeper on the impact of issues to properly determine risk. If you are unsure what exactly you want, this is the safe choice.

  1. An “attack path” is a set of actions taken by an actor to achieve an end goal, with each subsequent step being enabled by/dependent on the previous one They are generally used to characterize impacts that an actor cannot achieve in a single act (exploiting a vulnerability, leveraging a misconfiguration, etc) ↩︎