Penetration Testing Assessment
Identifying weaknesses in your cyber environment has become a priority for many businesses. A Penetration Testing Assessment can be a crucial first step to identify areas for improvement within your infrastructure. Aurora Security Consulting Services has a certified ethical hacker on staff who will go into your system and simulate a real cyber-attack to find areas in your computer system that are vulnerable to threats. We will use both automated and manual tests to evaluate your security controls and conduct tests against your internet perimeter.
Aurora currently offers three types of Penetration Testing Assessments. The first is the External Penetration Testing Assessment. In an external penetration test, Aurora’s team of engineers simulates an external or outside attacker. From the perspective of an outside attacker, the test will probe, identify and exploit vulnerabilities in the systems within scope. Next, we will attempt to breach the security perimeter of the network boundaries and, upon breach, attempt to gain access to systems within scope.
In an Internal Penetration Testing Assessment, we will run a test to simulate an internal attacker from inside your organization. The simulated hacker will attempt to escape out of the network boundaries and attempt to gain unauthorized user access to systems within scope and systems connected to a network.
Aurora Security Consulting Services also offers a Website Application Penetration Testing Assessment. This is designed to meet the best practices and industry regulations for application security such as PCI, HIPAA and Red Flag. This type of Penetration Testing Assessment looks at the source code, the infrastructure, the operating systems, and the application functionality. The ethical hacker will attempt to gain unauthorized access to systems connected to the web application.
When you use Aurora Security Consulting Services to administer a Penetration Testing Assessment at a Professional level, it will include:
- Automated Security Scanning: Commercial scanning tools used to identify potential vulnerabilities
- Report Development and Interpretation: Analyze results and remove false positives
At an Enterprise Level, in addition to the first two steps, you will also receive:
- Network Architecture Review: Review network security design and identify weaknesses
- Manual Exploit Testing: Perform manual in-depth testing techniques to validate weaknesses
- Security Policy Review: Review up to 5 security policies for gaps in procedures
At an Enterprise + Level you will also gain additional add-ons including:
- Automated Security Re-Scan (within 3 months): Re-scan identified systems after patches are put in place
- Black Box Testing: Perform system identification without prior knowledge from the client on devices.