Assess the effectiveness of your cybersecurity program. Identify and understand cybersecurity risks in your environment. Further improve your cybersecurity posture.
“How secure is my network?” | “How effective is my cybersecurity program?” | “Could someone compromise my network?”
Penetration testing consists of ethical hacking exercises that seek to answer these questions and many more. At Bound Planet, we provide internal and external penetration testing engagements that support various goals.
One of the first steps we take is to determine whether or not a penetration test makes sense for your environment. If your cyber hygiene could use improvement, or you aren’t performing certain activities like continuous vulnerability scanning and remediation, it might make sense to start there. Alternatively, some businesses are looking for evidence to support a case for additional cybersecurity funding.
Bound Planet follows a standard methodology for determining the target audience, impact analysis, scope, goals, rules of engagement, and the other elements that make up a penetration testing engagement.
- Target Audience – Who are the responsible parties and key stakeholders?
- Impact Analysis – What is the organizational budget? Are there any technical constraints?
- Goals/Objectives – What is being tested and/or what aspects of cybersecurity are to be considered?
- Statement of work – Define the purpose, when activities will occur, scope, deliverables, and other items.
- Scope – From what perspective should the test be conducted? External with no knowledge? Internal? Insider with basic network access?
- Rules of engagement – What methods are to be utilized during the engagement? Is Bound Planet authorized to conduct these activities?
- Footprinting / Reconnaissance – Gather information about the environment to build an attack strategy.
- Network scanning and enumeration – Identify potential target systems and applications.
- Vulnerability scanning and analysis – Enumerate flaws and potential exploits.
- Social engineering – Attempt to invoke end user actions that lead to information disclosure or network entry.
- Network-based attacks – Attempt to exploit network-based vulnerabilities.
- Wireless attacks – Attempt to exploit wireless networks to gain access or disrupt availability.
- Web and database attacks – Attempt to exploit flaws in application or database configuration.
- Operating system exploits – Attempt to escalate privileges, compromise vulnerable services, and move laterally.
- Penetration test report review meeting – A meeting to review the penetration test report, discuss findings, remediation, and next steps.
- Penetration test report – Bound Planet produces a report that details the engagement and findings. The report includes recommendations for remediation and overall cybersecurity program improvement planning.