There are two main reasons why Penetration Testing is important: 1) it is required for compliance with requirements such as HIPAA or FISMA or 2) to discover any deficiencies in your networks. With growing threats, increasing attack sophistication, mandates for security compliance, and the pressure to protect corporate data, it is important to ensure your organization's defenses functioning as designed.
CompliancePoint’s Penetration Testing methodology involves a comprehensive analysis of publicly available information about your target systems and configuration documentation. This assessment includes a mix of manual and automated scanning penetration techniques to identify the impact of vulnerabilities identified and understand the overall security behavior of the target web application, database, and/or firewall.
Simply, CompliancePoint's experts will conduct ethical hacking that will help identify areas of exposure that may be putting your organization’s data at risk of exposure to internal and external threats and/or regulatory violations.
CompliancePoint also offers annual penetration testing for customers requiring ongoing testing for HIPAA and FISMA compliance.
CompliancePoint's qualified security consultants will conduct internal and external pen testing of the following areas:
Our experts will attempt entry through the routers, switches, firewalls, load balancers, and any infrastructure you have in place to connect your systems.
Our experts will enter the servers (i.e. Windows, Linux, etc.) in an attempt to penetrate any exposed services like authentication, file transfer, and file shares.
Our experts will conduct testing against specific applications to identify existing vulnerabilities and enable you to protect the data held within those applications.
The Wireless Penetration Test is designed to mimic attempt entry through the Wi-Fi connections and any wireless infrastructure you have in place to connect your systems.
With our Phishing Penetration Test, our experts will use ethical tactics to phish your staff through email, phone, in-person, and/or social media as a method of identifying modern social threats and arming your organization against them.
Our assessors and consultants are experts in the focus areas as they pertain to information security and protecting data assets.