Speak to a Security Expert

Identify Weaknesses To Improve Security and Reduce Your Attack Surface
> Identify weakness in your technologies, processes, and people
> Reduce risk and meet compliance requirements
> Remediate vulnerabilities and minimize the attack surface

Ethical Hacking & Penetration Testing

OWASP

WASC

CREST

PCI

SANS

Penetration Testing Strategies

BlackBox Penetration Testing

ValueMentor takes the advantage of our global delivery team providing cost effective & quality deliverables

Greybox Penetration Testing

Dynamic Application Security Assessments are performed to identify technical vulnerabilities such as those in OWASP top 10.

Whitebox Penetration Testing

An Application Security assessment would be complete only if threats models are validated using manual testing methods.

ValueMentor Penetration Testing Approach

Scoping

Project initiation & Scoping

  • A non-disclosure agreement is the first step towards maintaining confidentiality.
  • A well-defined Scope of work helps the client and valueMentor security analysts to define the limits of the penetration testing

Footprinting

Footprinting of assets within the scope

  • Network Discovery is performed to identify information such as Active hosts, Active Services, Insecure Services, Fingerprinting the Operating System etc.
  • Identifying the publicly available information enables the attackers to perform targeted attacks against the client

Vulnerability Analysis

Vulnerability Assessment

  • Automated scanning for finding known vulnerabilities
  • Compliant with PCI ASV Vulnerability requirements
  • A comprehensive list of vulnerabilities are identified & validated
  • False positives are eliminated to create an actionable list of findings

Attack & Exploitation

Security Assessment & Attack Simulation

  • Our security testing team will prepare the test cases based on the threat profiles.
  • Security test cases are performed using automated and manual methods.
  • Security testing covers OWASP, SANS, WASC & PCI security assessment requirements
  • A comprehensive list of vulnerabilities are identified & validated
  • False positives are eliminated to create an actionable list of findings

Reports with remedial actions

Reports with Remedial Actions

  • ValueMentor security analysts rank the security vulnerabilities based on both universal vulnerability rating and unique risk rating to the client’s environment.
  • Our security solutions team would add remedial actions to be performed, giving a quick solution for the client to remediate the security risk.
  • Detailed report for the technical team and summary report for the executive management are included.

Re-Test

Re-test of the reported vulnerabilities

  • To confirm the application is secure, validation of the closure of vulnerabilities are performed.
  • Our external web application security assessments include re-tests of all identified vulnerabilities until they are brought down to acceptable risk levels.

Penetration Testing Types

Internal Penetration Testing

An internal penetration testing helps you identify the security weaknesses within your internal network. This would simulate an attacker who is an internal user, a contractor, a visitor or an attacker remotely controlling one of the internal systems. In an internal penetration testing our analysts helps you find:

  • Weak password practices
  • Effectiveness internal Security controls like firewalls, ACLs, antivirus etc
  • Vulnerable systems / servers/ desktops /network devices
  • Sensitive data available without adequate protection
  • Escalate privileges to that of an administrator / super user

External Penetration Testing

An external penetration testing simulates the attack from external hackers to your organization. An external penetration testing will assess the effectiveness of the security controls such as firewalls, routers, IPS/IDS, WAF and other access control systems.  Key Benefits of Pen Testing

  • Validate your security controls
  • Satisfy compliance needs, including PCI, FFIEC, HIPAA
  • Tests your response and detection capabilities
  • Vulnerable systems & network devices
  • Identifies sensitive data available without adequate protection

Application Security Assessments

,
Web applications play a key role in today’s business and connect organizations with its customers, partners and suppliers. For most organizations, web applications connect to most critical information assets within in the organizations. This…

Mobile Application Security & Risk Analysis

,
Mobile applications are increasing in numbers every day. Today more mobile phones / tablets accesses web applications than PCs. Increase in mobile applications means, application vulnerabilities and thus security incidents. Many mobile applications…

Wireless Security Assessment Service

,
A wireless network offers a convenient way for your employees and partners to connect to the network. An insecure wireless network will enable an attacker to easily access your networks. The use of weak wireless protocols, configuration mistakes…