Penetration Testing
PENETRATION TESTING
Penetration testing enables customers to understand their current level of security risk and will inform the organization of required remediation efforts. In turn, this can be used to demonstrate to the company, partners, and customers, either existing or potential, that critical systems are regularly tested.
Traditional penetration tests struggle to match the development and speed of modern software applications. As applications evolve and attack surfaces grow, it is no longer feasible to conduct penetration tests annually or wait three months to begin a test. It is equally important to know penetration testers communicate any found vulnerabilities throughout the process, rather than waiting until the final report to begin remediation. LCM’s penetration testing service comes as both an Ad-hoc service or can be scheduled to run monthly.
Get Started on Penetration Testing
APPROACH TO PENETRATION TESTING
LCM’s has a seven-phase approach to Penetration Testing. It begins with Pre-Engagement Activities to determine the rules of engagement and scope of the project. Then, our team will perform Intelligence Gathering from the customer’s environment that is utilized during the penetration test. LCM’s team will also conduct Threat Modelling by performing a business asset analysis to determine assets most likely to be targeted by an attacker. Before the actual Pen Test, the final step is to perform a Vulnerability Analysis to discover flaws on the in-scope assets that an attacker could leverage. During the Exploitation phase, our team will attempt to bypass security restrictions with the goal of determining the largest potential impact to the organization with the least resistance.
There will be a Post-Exploitation phase, which consists of determining the worth of the compromised machines as they relate to the business and the maintenance of control of the system. Final Reports will be produced and will break down the testing results according to criticality, with testing details and recommendations that the customer can implement to reduce or prevent the risk.
PENETRATION TESTING DELIVERABLES
LCM Security will provide a report detailing all tests and results that were performed during the engagement. The report will have an executive high-level risk assessment of the results from the pen testing engagement.
The report will have a testing narrative that details step by step the tests performed, the results of the tests and other details of the testing. This section included all tests that were performed and all data that was gathered, and the results of the tests, whether they were successful or not.
PENETRATION TESTING DELIVERY TEAM
Lead Assessor: A seasoned Information Security expert with over 10 years of professional experience in the industry, possessing various certifications and a degree in information security. The assessor has conducted penetration testing for small, medium and large organizations, and organizations in various industries.
Virtual CISO: An Information Technology leader with over 20 years of experience in Cyber Security consulting and Managed Security Services, with CISA and CRISC certifications.
Report Writers: Will develop final reports based on the findings of the assessment.