Penetration testing is the practice of testing a computer system, network, or web application to identify security vulnerabilities that an attacker could exploit safely. Penetration testing is done in a controlled environment to help organizations understand where they may have vulnerabilities, allowing them to find and correct issues before a data breach. This assessment will serve as a tool to help identify and demonstrate weakness in the security configuration in alignment with industry standards and subject matter expertise.

We assess the exploitability of the current security configurations to determine if a weakness exists and access can be gained utilizing that weakness. After the success of our assessments, we recommend solutions to help protect your organization and your sensitive information by ensuring security best practices are followed to protect, detect, and react to security threats, both internally and externally.

Our goal is to validate key preventive controls by simulating two kinds of attacks: business e-mail compromise (BEC) and ransomware. The approach to accomplish this will be for the penetration testing team to perform actions across a “kill chain” using realistic, human-driven methods. To expedite this process, the assessment team will employ the following: