Vulnerabilities… validated

The problem with most vulnerability assessments is that scans enumerate all possible weaknesses within systems without any thought to whether they are real, exploitable problems. This methodology often generates a very long list of potential findings that can easily overwhelm employees or distract resources from addressing real problems.

WaveGard's Penetration Testing Service provides our clients with a method for evaluating the security of their Internet network perimeter and internal systems by performing real world attacks using techniques similar to those used by malicious hackers. Our process involves active identification and analysis of your target systems for any known weaknesses, vulnerabilities and configuration flaws using leading edge system subversion tools such as Metasploit, Core Security Technologies CORE IMPACT, Tenable's Nessus, and numerous open source tools.

Identification and analysis is conducted from the viewpoint of a "malicious hacker" and with your permission, involves active attempts to exploit system vulnerabilities even if you have layers of security controls in place. The end result of this work is a complete analysis of each problem's criticality, ease of exploitation, and potential impact to the organization. Further, WaveGard provides valuable advice on ways to prioritize and correct the problems - effectively helping you grapple with pressing security problems.

WaveGard's Testing Methodology at a Glance:

• Step 1. Perform reconnaissance to discover information about the target
• Step 2. Perform targeted vulnerability scanning to uncover possible access vectors
• Step 3. Attempt host-level penetration and privilege escalation
• Step 4. Attempt application-level penetration. This includes vulnerability discovery within web, database or other application processes using multiple techniques such as SQL injection and cross site scripting attacks.
• Step 5. Attempt to gain deeper access to critical systems from compromised hosts