If you have any questions or comments regarding the services we provide, or for any other inquiries, please click on the button below located on the right hand side. Fill out the form and one of our representatives will contact you within the next business day.
EXTERNAL PENETRATION TESTING
Digital Wyzdom has over 15 years experience in system/network penetrations. We have developed penetration methodologies and attack tools for a variety of systems, operating systems and network components.
We have a long association with penetration testing activities for Government and commercial customers. Our work has covered classified and unclassified areas. We use a mission-oriented philosophy designed to exploit system vulnerabilities in a way to best understand the impacts to information flow within an information system.
Our results provide a strong foundation for a structured approach to improving the information system defenses.
External Penetration Testing is the process of assessing a network for external vulnerabilities and if found performing a controlled and verified simulated attack to verify the results. This type of test is valuable in determining an organization's overall security strength.
We follow a strict methodology and process, which includes : Discovery, Enumeration, Susceptibility Mapping, Utilization, and Reporting
Digital Wyzdom will perform thorough searches of the various whois databases, scan tools, etc, to obtain as much information as possible about the target organization. These searches often reveal many more Internet connections than the organizations expect. It is also important to leverage Usenet postings and Social Engineering tactics (if in scope) - many organizations are amazed by how willing their employees are to divulge information that is useful to an attacker.
Once specific domain names, networks and systems have been identified through discovery, the penetration tester will gain as much information as possible about each one. The key difference between discovery and enumeration is the level of intrusiveness. Enumeration involves actively trying to obtain user names, network share information and application version information of running services, limited only by agreed-upon rules of engagement and scope.
Susceptibility mapping, one of the most important phases of penetration testing, occurs when security practitioners map the profile of the environment to publicly known, or, in some cases, unknown vulnerabilities. Digital Wyzdom has a dedicated research department, which is constantly brushing the “blackhat” community for new and emerging vulnerabilities. The tester's most critical work is performed during the discovery and enumeration phase.
The utilization phase begins once the target system's vulnerabilities are mapped. The penetration tester will attempt to gain privileged access to a target system by exploiting the identified vulnerabilities. The key to this phase is manual testing. No automated tool can duplicate the testing of an experienced penetration tester who is skilled in the art.
Digital Wyzdom works to develop a report that will provide clear findings and a prioritized matrix of actions, work efforts, and findings. Digital Wyzdom will provide a preliminary draft report to the technical point of contact for the purposes of review and clarification followed by a final report at the conclusion of testing. The report will include:
- Executive Summary
- Methodologies and scope
- Priority Matrix, indicating remediation priorities, and risk
- Findings and recommendations sufficient for risk management and remediation planning