External Pen-Test - SecureState, Information Security Assessment and Protection

External Pen-Test

Attack & Penetration testing (aka Ethical Hacking) is the finding and exploitation of known and unknown vulnerabilities. On average attack & penetration tests find three times as many vulnerabilities that can affect your company than vulnerability scans.

Why we're the best:

During Penetration activities, SecureState's consultants use only proprietary tools

SecureState's tools have even been published in Globally recognized tool kits

SecureState's consultants are highly sought after to speak for journalists and at
seminars across the country
Some of SecureState's personnel hold high level government clearances and are trusted with the nation’s most heavily classified data
SecureState performs external penetration tests with as little information about the systems in scope to provide a true "hacker's" perspective
With just a URL, SecureState's consultants can map out your company's footprint, discovery hosts, map out ports, and attack and exploit any vulnerabilities
With nearly a decade of experience, the SecureState team comes from many different backgrounds, including Big X, military intelligence (M.I), and security firms around the nation

What we do:

1. Footprint/Discovery

SecureState's consultants will work with just your company name and map out your company's Internet footprint. During this process SecureState usually finds hosts that were previously unknown to the client.

2. Manual Identification of IP Addresses, Services, Ports & Applications

SecureState's consultants will manually validate all findings from the footprint/discovery activities.

3. Manual Attack Techniques

SecureState's consultants will manually attack and exploit all vulnerabilities with the Internet facing systems. SecureState finds that manual activities find many more vulnerabilities and provide a more accurate risk rating than vulnerability scans.

4. Baseline Validation Scans (Includes web application blackbox and vulnerability scans)

Utilizing the top automated tools available, SecureState will run scans of the Internet facing systems. These scans identify any vulnerabilities on systems not tested manually.

5. Retest of High Findings (30 Days)

At no extra charge, SecureState's consultants will retest the vulnerabilities discovered during the penetration test to be sure that the vulnerabilities, as well as the risk associated with them, were mitigated.

What you get:

1. MyState Portal

For 60 days, you will have full access to SecureState's secure MyState portal. This portal will provide up to the second findings, as well as mitigation support throughout your SecureState experience.

2. Final Report (Exec Summary / Walk Through)

Upon completion of the penetration tests, SecureState's consultants will meet your security and executive team to walk through our findings. We will also present a detailed road map to fix any vulnerabilities found.

3. Visio Diagram with Attack Linkage

This diagram describes SecureState's Vulnerability Linkage Theory. It is a detailed graphic that shows SecureState's attack path.

4. Matrix of Findings

5. Mitigation Assistance

For more information download the PDF version of Attack & Penetration

SecureState is successful during 85% of Internet penetration tests!

Did you know???

• An external attack and penetration is required by PCI. SecureState is certified in these areas.
• Exploits are being released everyday
• Last year was a record high for public exploit release
• Its easier then ever to compromise a host
• During an attack and penetration, we succeed 98% of the time
• Our SecureState team members have given security training to members of the N.S.A.

Areas SecureState targets include (but are not limited to):

• Routers, Firewalls, Switches, and Intrusion Detection/Prevention Systems
• Operating System
• VPN Environment
• Email Environment
• Web Applications