800-810-1885

Penetration Testing Services

Customers often refer to this service by many names, including Penetration Testing, Intrusion Testing, Ethical Hacking, Vulnerability Assessment, and External IT Security Audits.

At Sword & Shield, we have developed an expert methodology and proprietary tools to perform in-depth security reviews that reduce your network’s risk. Our external network security testing service includes the following:

  • Vulnerability Assessment – Automated testing evaluates specific systems and individual devices for known weaknesses. Sword & Shield analysts then manually review the results to eliminate any false positives.
  • Penetration Testing – Using the vulnerability assessment results, our analysts attempt to use the identified security weaknesses to bypass system controls. This assists the analysts in determining how a system may be compromised and where additional safeguards are needed.
  • Security Auditing – The security audit process evaluates whether a functional security mechanism is in place for every security requirement.

Penetration Testing for Compliance

Penetration Testing for PCI DSS Compliance

PCI-DSS Qualified Security Assessor

Some of our customers want a penetration test to satisfy their internal security standards. Others need a penetration test for compliance reasons. For customers seeking regulatory compliance, we can provide a penetration test as part of a comprehensive compliance solution for healthcare, PCI, and Experian EI3PA.

PCI DSS Requirement 11.3.1 requires the performance of a network-layer penetration test at least once a year and after any significant infrastructure upgrade or modification.

Our Approach to External Network Security Testing

Our objective is to examine security weaknesses in your Internet-facing network infrastructure. Sword & Shield analysts are experienced and highly skilled. We work with the client to create the optimal test plan. We can perform external security testing remotely to reduce travel and lodging expenses. Our security engineers use a variety of scanning tools to improve the accuracy of the test results and to produce sound and actionable recommendations.

Key Testing Stages include:

  1. Security Architecture Review
  2. Vulnerability Analysis Test Plan
  3. Network Mapping and Data Collection
  4. Threat Model Identification
  5. Vulnerability Identification
  6. Penetration Testing
  7. Analysis and Reporting

Gauntlet™ is our proprietary tool for consolidating vulnerabilities from different vulnerability scanning programs to produce actionable reports.

Questions Our Report Will Answer

  • What are the most critical vulnerabilities that threaten the security of my perimeter defenses?
  • What is the probability that a hacker could penetrate my perimeter and gain access to my data?
  • Do I have unauthorized hosts on my network?
  • How do I prioritize the vulnerabilities, create a plan for improvement and get the budget approved?

  • GIAC Certified Penetration Tester (GPEN)
  • GIAC Certified Web Application Penetration Tester (GWAPT)
  • GIAC Certified Auditing Wireless Networks (GAWN-C)
  • Certified Information Systems Security Professional (CISSP)

Real Success Story

Sword & Shield analysts were conducting an external Network Vulnerability Assessment (NVA) and Penetration Test (PT) for a mid-size insurance company. They discovered a log-in prompt on an Internet-facing host. Upon further inspection, they identified a short string of text which is commonly associated with a specific type of system. Using a list of known accounts found on the Internet that are commonly associated with the system, they were able to log in successfully. Next, they used a search tool included in the system to collect the full name, date of birth, Social Security Number, and home address of hundreds of the insurance company’s clients.

Based on the findings of the Sword & Shield team, the insurance company was able to correct the problems immediately. They disabled all of the default accounts and removed the short string of text provided within the log-in prompt. This is just one example of how the Sword & Shield external NVA/PT quickly helped an insurance company correct a critical vulnerability.

Find Out More

Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.

U.S. Toll-free: 800-810-1885

International: 865-244-3500



Sales answers requests within 1 business day and usually within a few hours.

 


  • About Sword & Shield

    Since 1997 Sword & Shield has been the trusted information security partner for 3000 clients in 50 states and 27 countries around the globe.

    We offer comprehensive computer network security services and IT regulatory compliance for business and government. Let us help secure your future.
