Penetration Testing
A penetration test can be part of a larger Information Security Risk Assessment or it can be a standalone, more focused test.
We conduct all forms of penetration testing.
In 2013 we pioneered the industry-first continuous penetration service and platform, Lifeguard.
We are experts in:
- web application penetration testing
- network penetration testing
- application penetration testing
- hardware penetration testing
- modem “war dial” penetration testing
- social engineering – phishing and other forms of human testing
- mobile app penetration testing
- API testing
We test from:
- The Internet and other external sources, such as partner networks
- Within the organization
We test covertly, and overtly.
We test for PCI, NERC, or FISMA compliance, or for whatever reason you like.
A typical Shorebreak Security penetration test team is made up of 3-4 expert penetration test engineers, each with a minimum of 10 years in Information Security.
Shorebreak Security engineers have written books on the topic, have researched and discovered new vulnerabilities (zero day), are up to date on emerging threats and trends, and have each conducted dozens of penetration tests.
Results from a vulnerability scanner are often some of the last things we look at when doing a penetration test – we think like an attacker, so we target “soft” systems first. We usually gain access to systems and find vulnerabilities that a scanner doesn’t. It is not uncommon that we find “zero day” vulnerabilities.
What you get out of a Shorebreak Security Penetration Test
At the conclusion of a Shorebreak Security penetration test, you will know how secure your system is; how well your defenses and detection processes are working, and how well your overall Information Security program is working.
You will know the areas on which you need to improve, and what to to spend your resources on.