Penetration Testing

At Sword & Shield, we have developed an expert methodology and proprietary testing platform to perform in-depth security reviews for reducing your network’s risk.

Common Types of Testing

Our internal/external network security testing service includes the following:

  • Vulnerability Assessment – Automated testing evaluates specific systems and individual devices for known weaknesses. Sword & Shield analysts then manually review the results to eliminate any false positives.
  • Penetration Testing – Using the vulnerability assessment results, our analysts attempt to use the identified security weaknesses to bypass system controls. This assists the analysts in determining how a system may be compromised and where additional safeguards are needed.
  • Security Auditing – The security audit process evaluates whether a functional security mechanism is in place for every security requirement.

Penetration Testing for Compliance

If you have regulatory compliance needs, we can provide penetration testing services as part of a comprehensive compliance solution for healthcare, PCI, and Experian EI3PA.

Our Approach to Internal/External Network Security Testing

The objective of our experienced and highly skilled analysts is to examine security weaknesses in your Internet-facing network infrastructure. We work with the client to create the optimal test plan. We can perform internal/external security testing remotely to reduce travel and lodging expenses. Our security engineers use a variety of scanning tools to improve the accuracy of the test results and to produce sound and actionable recommendations.

Key Testing Stages include:

  1. Security Architecture Review
  2. Vulnerability Analysis Test Plan
  3. Network Mapping and Data Collection
  4. Threat Model Identification
  5. Vulnerability Identification
  6. Penetration Testing
  7. Analysis and Reporting

Gauntlet™ is our proprietary platform for aggregating and correlating identified vulnerabilities across multiple security tools to produce actionable reports.

Questions Our Report Will Answer

  • What are the most critical vulnerabilities that threaten the security of my perimeter defenses?
  • What is the probability that a hacker could penetrate my perimeter and gain access to my data?
  • Do I have unauthorized hosts on my network?
  • How do I prioritize the vulnerabilities, create a plan for improvement and get the budget approved?

Real Success Story

Sword & Shield analysts were conducting an external Network Vulnerability Assessment (NVA) and Penetration Test (PT) for a mid-size insurance company. They discovered a log-in prompt on an Internet-facing host. Upon further inspection, they identified a short string of text which is commonly associated with a specific type of system. Using a list of known accounts found on the Internet that are commonly associated with the system, they were able to log in successfully. Next, they used a search tool included in the system to collect the full name, date of birth, Social Security Number, and home address of hundreds of the insurance company’s clients.

Based on the findings of the Sword & Shield team, the insurance company was able to correct the problems immediately. They disabled all of the default accounts and removed the short string of text provided within the log-in prompt. This is just one example of how the Sword & Shield external NVA/PT quickly helped an insurance company correct a critical vulnerability.

Security Assessments

Your organization’s reputation is one of its most valuable assets. Sword & Shield’s comprehensive suite of Security Assessments can expose your hidden risks and vulnerabilities and help you develop a plan to reduce your risks and prepare for attacks targeting your valuable data.

Featured Additional Security Assessment Services

Sword & Shield provides a wide variety of security assessment-related services for our clients. The following list provides an overview of some of the most common services we perform. For more details about these services or other services we perform, contact us today.

Database Security

Our engineers are experienced in auditing Oracle, Microsoft SQL, Notes, and several other database management system products. Among other things, Sword & Shield security engineers analyze authentication and authorization controls in the database system for least-privilege access controls and audit traceability. Emphasis is placed on matching the degree of security with the business and operational needs.

Firewall Audit

A Sword & Shield Firewall/Router Audit thoroughly evaluates the rule base for known security risks and policy violations. As a first line of defense against attacks, firewalls and routers must be implemented and maintained properly. Our Firewall/Router Audit provides a detailed analysis that reduces risks and increases perimeter security.

Mobile Application Assessment

Our Mobile Application Assessment, when combined with our Web Application Assessment, provides a comprehensive assessment of the security of the web application and the mobile devices used to interact with the application. The service analyzes the network transmissions and forensically analyzes the mobile device(s) used.

Phone Sweep

Sword & Shield performs a sweep of the telephone address space to detect unauthorized modems and authorized but insecure modems. We can perform a phone sweep as a stand-alone service, or as part of another service, such as an external network vulnerability/penetration test.

Security Architecture Review

The Architecture Review and Design process is coordinated through a client project manager and includes a set of structured interviews. These interviews and reviews focus on business areas supported by the network and the technology staff that supports the business units.

Virtual Infrastructure Assessment

This service provides the customer with the analysis necessary to protect all facets of a virtualized infrastructure. Included are areas related to access control, the application of least privilege, data protection, secure network configuration, disaster recovery planning and testing, and threat analysis. The goal of the assessment is to identify security gaps and develop remediation strategies.

VPN Audit

The VPN Audit service audits your VPN and your VPN policies and recommends techniques to optimize and enhance your VPN’s effectiveness. We identify potential security vulnerabilities and help you reduce your risks.

Website Security Consulting

Web application security encompasses measures taken throughout the application’s life cycle to prevent vulnerabilities, that is, exceptions in the security policy of an application or the underlying system, introduced through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Wireless Security

Sword & Shield's Wireless Testing examines the subsystems, components and security mechanisms of a wireless network and identifies any weaknesses.