Penetration testing is the next step up from a vulnerability assessment. While automated tools are leveraged for reconnaissance and enumeration, manual testing is largely performed. Systems could be tested at the network layer, the application layer, or both layers.
The NCI Approach:
NCI’s penetration test begins with what we call a grey box. To enable cost efficiency and maximum productivity, our ask of you is to supply the following:
- IP Addressing and Target URLs for web application penetration testing
- user documentation applicable to the application to be used
- application design documents outlining architecture and implementation
- network diagrams to evaluate existing protection mechanisms
Your NCI consultant will mimic potential malicious attackers in an attempt to identify vulnerabilities within system components. Upon vulnerability discovery, the consultant will:
- exploit the vulnerability
- attempt to elevate privileges in order to gain further access to the system
- perform reconnaissance and enumeration in order to identify further vulnerabilities and attack vectors
The goal of this engagement is to attempt to mimic what a malicious attacker might do, for the purpose of bringing vulnerabilities and attack vectors to light.
With vulnerabilities identified and detailed recommendations to address the issues provided, the clients can then remediate the vulnerabilities to prevent malicious exploitation.
Does your organization have vulnerabilities you should be made aware of?