Penetration Testing / Vulnerability Assessments
Technology Vulnerability Assessment
Understanding the security risks to your IT system is essential. Knowing exactly how vulnerable your system is to injury—whether from human or viral attacks, compromise, data loss or system failures—gives you actionable knowledge.
A Technology Vulnerability Assessment objectively assesses how effective your current technology risk management practices are, gauging and prioritizing vulnerabilities.
The value of an assessment is directly related to how relevant it is to your unique business needs. That’s why we start by gaining an understanding your business and its operational environment, from business processes to the methods with which you share information with external entities. From this perspective, we thoroughly examine your IT system and judge the severity of any flaws that we find.
For example, one vulnerable business application could leave a door open to a hacker who could compromise an organization’s entire IT system. Through our structured assessment process, we find vulnerable applications and other avenues of exploit, and advise you of the necessary controls so that you can prioritize, budget for and take strategically sound action on any problem.
Drawing on up-to-date knowledge and years of IT assessment experience, we employ a mix of sophisticated tools, methods and investigative skills to provide you a report that is accurate and highly relevant.
Network and Application Penetration Testing
Penetration Testing (also known as intrusion testing) is the process of actively evaluating information security by adopting the role of an attacker in order to test and expose weaknesses in an organization’s security. Such work involves testing technology and human, non-technology systems alike, and can be designed to test any means by which an organization captures, stores and processes information.
Threats may come from many sources, from viruses and malware to criminals to business competitors to disgruntled employees to human carelessness.
SJU’s Penetration Testing service encompasses understanding how a business operates, its IT systems, its security policies and procedures, and the human, “social engineering” aspect of security exploitation. Our ethical hacking team conducts attacks against a variety of vulnerabilities relevant to your business and has proven experience conducting:
- Web application penetration testing
- Network penetration testing
By understanding your organization and the relevant technology risks, our ethical hacking team provides comprehensive service by:
- Seeking to exploit vulnerabilities across the information environment
- Assisting managers to identify security risks
- Exposing vulnerabilities
- Identifying remediation solutions
Attacks can be executed from any angle, including:
- Attempting to infiltrate software applications, databases and networking equipment
- Website or web application intrusion
- Wireless network, remote access and phone system hacks
- Accessing sensitive information physically, such as dumpster diving
- Using social engineering techniques such as posing as a member of a tech support team, email phishing and attempting to extract sensitive information from employees via the telephone
The result of our Penetration Testing is the confidence that, through “ethical hacking,” the integrity of your IT system has been rigorously tested to stringent standards and that the reasonable risk of vulnerability has been ascertained. The reports we deliver provide you with real, tangible evidence of any problems and specific information that enables you to take effective remedial action.