Small and Medium Business Penetration Test
2021-06-24T12:36:57+00:00

Penetration Testing for Small and Medium Businesses

PreCog Security’s penetration testing approach focuses on making the best use of the tests performed and the time available to uncover security vulnerabilities in the test target. We tailor our testing to discover the vulnerabilities with the greatest potential risk and impact under a plausible threat scenario, prioritizing those that a third party could discover most easily. This lets us find the vulnerabilities that could do the most damage to the system while remaining practical and realistic within the threat model of the test target.

Our penetration testing methodology relies upon the following industry best practice standards:

PTES Testing Guide

The Penetration Testing Execution Standard document defines the methods and process for executing a network penetration test. The guideline is designed to provide a common language and scope for performing penetration testing, as well as detailed technical guidelines, to both businesses and security service providers. For additional information, refer to the PTES Testing Guide.

OWASP Testing Guide

The Open Web Application Security Project’s Testing Guide defines the industry best practice web application penetration testing methodology. Using this document as a reference for the likely prevalence, exploitability, impact and detectability of each class of vulnerability helps us focus on finding the most prevalent and detectable vulnerabilities that could have the most significant security impact. For additional information, refer to the OWASP Testing Guide.


PreCog Security network penetration testing methodology and categories summary:

1. Pre-engagement Interactions
  • Scope and Rules of Engagement Definition
  • Communication Planning
  • Incident Handling

2. Discovery
  • Network Probing and Footprinting
  • User and Service Enumeration
  • Domain Resource Enumeration

3. Vulnerability Discovery and Analysis
  • Vulnerability Scan
  • Vulnerability Validation

4. Exploitation
  • Network Traffic Sniffing, Relaying and Impersonation of Services
  • Exploitation of Vulnerable Services
  • Escalation of Privileges
  • Pivoting to Critical Systems

5. Configuration Audit
  • Infrastructure Analysis
  • Configuration Analysis
  • Data Discovery
  • Password Audit
  • Group Policy Audit

6. Reporting
  • Executive Summary
  • Detailed Findings Report

SMB Questionnaire

1. Do you have a documented and available set of updated and current procedures for security and IT management in your organization? This includes documents on data integrity, business continuity, incident response, physical security, etc.

2. Is there a person or IT team primarily responsible for managing security initiatives within your organization?

3. Do you have a prepared and tested Business Continuity/Disaster Recovery plan?

4. Do you have a prepared and tested Incident Response Plan (including handling, monitoring and reporting of the incident)?

5. Do you have ongoing security training (security awareness, email phishing, etc.) specific to employees’ responsibilities?

6. Are you performing vulnerability assessments, penetration testing and vulnerability management on information system assets (network, website, endpoints, servers, software, web applications, etc.)?

7. Are you performing a regular inventory of all IT assets (hardware and software)?

8. Do you manage the security and access restrictions of your wireless networks?

9. Are you employing anti-malware and other security controls such as firewalls, data loss prevention, and intrusion detection/prevention systems across your environment?

10. Are you compliance-ready, i.e. do you have documentation and processes in place for the audit?

PreCog Security web application penetration testing methodology and categories summary:

PreCog Security follows the OWASP (Open Web Application Security Project) Testing Guide, which defines the industry best practice web application penetration testing methodology. The methodology is detailed and outlines 91 tests in a total of 11 categories:

  1. Client Side Testing
  2. Business Logic Testing
  3. Cryptography
  4. Authentication Testing
  5. Authorization Testing
  6. Session Management Testing
  7. Input Validation Testing
  8. Error Handling
  9. Identity Management Testing
  10. Configuration and Deployment Management Testing
  11. Information Gathering

Depending on the time available for the test, we prioritize the tests that would have the most significant impact and whose findings an attacker could discover most easily. To read more about the OWASP Testing Guide and the application penetration testing methodology, refer to the OWASP Testing Project.