Penetration Testing


RAZOR Technologies' Technical Security Assessment Services test key aspects of a customer's environment for vulnerabilities and flaws that could be taken advantage of or compromised. The objective is to build strategies that help secure and protect the enterprise.

Our penetration testing services include a range of engagement models to suit the business needs of our clients. Regardless of the type of assessment, the goal of the penetration test is to emulate the tradecraft and tactics of real threat actors within the defined scope and rules of engagement; this allows our clients to better understand and manage their business risk. Through the exploitation of discovered vulnerabilities, we can measure the potential impact on our clients' business reputation, operations and revenue.

RAZOR Technologies conducts its penetration tests using a methodology which has been assembled from industry standard models such as:

  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Penetration Test Execution Standard (PTES)
  • Open Web Application Security Project (OWASP)

This provides our clients with a clear understanding of our phased approach while improving the quality of our deliverables.

 

External to the customer network

 

Internal to the customer network

Penetration Testing Services Provided

External Network Penetration Testing

In an external network penetration test, the goal is not only to test perimeter defenses such as firewalls and email filters but also to enumerate and assess all externally facing network services for vulnerabilities and attempt to gain access.

Additionally, if included in scope, we can assess open source information that could be leveraged in an attack, such as:

  • Social Media (Facebook, Twitter, LinkedIn)
  • Forums
  • Job Boards

Web Application Penetration Testing

We perform both manual and automated assessments of the web application in order to discover vulnerabilities caused by misconfigurations, poor coding practices or logic flaws, and exploit those vulnerabilities in an attempt to gain access to unauthorized data or the underlying operating system.

Once the Security Assessment has been completed, RAZOR Technologies will document and present its findings to ensure the successful transfer of knowledge following a Network Penetration Testing engagement.

The output to your team will include:

  • A detailed report, delivered to our clients after being validated and reviewed
  • All discovered vulnerabilities and their associated risks, given the threats for that industry or organization
  • Executive summaries and detailed recommendations on options to remediate the identified vulnerabilities

Internal Network Penetration Testing

In this phase we focus on the high-value assets identified in collaboration with the client, in addition to foundational authentication and authorization services, in order to provide greater business value. These systems are enumerated and scanned to identify vulnerabilities, which are then analyzed, and a subset is exploited to determine the impact on the business.

  • Port scanning (standard and non-standard ports are probed)
  • IP scanning (discovering hosts and verifying host status)
  • DNS Lookup
  • Service fingerprinting (banner grabs, response analysis, known port lookup)
  • Service enumeration (pull relevant information from open services)
  • Operating System identification