Penetration Testing

External Penetration Testing

During external penetration testing we review the vulnerabilities that could be exploited by unauthorized external users. This assessment will also show if there has been a Return on Investment of current security controls. Our security experts simulate external attacks attempting to exploit vulnerable systems and obtain confidential information by compromising the network. We use the best practice standards that incorporate guidelines from NIST, OSSTMM, and OWASP. EagleClaw Security utilizes its expert’s extensive experience in penetration testing and uncovers previous vulnerabilities providing a high level of security assurance.

Internal Penetration Testing

During internal penetration testing we review the vulnerabilities and provide protection from internal threats and ensure that internal users do not misuse privileges accorded to them. We at EagleClaw use black box techniques to perform tests on critical systems in the DMZ or on the internal network. We also testing the corporate user intranet or network to identify the impact of poor access controls, and help reduce the impact of disgruntled employees.

Wireless Penetration Testing

Insecure wireless networks pose a security risk by opening up your organization to the external world. We also check for access points, on the infrastructure that does not follow security guidelines thus compromising your organization’s security.

We identify the wireless infrastructure components that can be discovered and connected to and that act as an extension of your organization’s infrastructure perimeter. We also test the existing security mechanisms that are enforced using a mix of black and white box testing. We locate access points by using high powered wireless equipment and subsequently map the wireless infrastructure to identify and detect vulnerabilities. We also proceed with a white box test to authenticate with sample credentials against the wireless network. The sample user account and password provided by the client are used to simulate a compromised wireless user, with the aim of identifying if internal access controls are properly implemented.

Since most of the business is conducted on the Internet, its security is a critical IT performance factor, affecting everything from business continuity to cost management.