We offer a range of penetration testing services to identify the threats and vulnerabilities your organization faces allowing you to focus on the remediations with the most impact to your threat profile.
*Need to know more about What a Penetration Test is?
External Penetration Testing is carried out from the perspective of an Internet-based threat attempting to breach the targeted Infrastructure.
Tools are used to identify common vulnerabilities while manual (research driven) testing is used identify more complex and/or novel vulnerabilities.
In addition, Netragard uses evasive techniques to avoid detection and maintain stealth while performing lateral movement.
Internal Penetration Testing is carried out from the perspective of an Intranet-based threat attempting to compromise internal assets and elevate privileges to the highest level.
Tools are used to identify common vulnerabilities while manual (research driven) testing is used identify more complex and/or novel vulnerabilities.
WiFi Penetration Testing is performed either through a Roamer appliance with WiFi capabilities (antenna and software) or physically on-site. During testing Netragard will attempt to discover and exploit both common and novel vulnerabilities in Wireless Access Points (AP), WiFi network communications between users and the AP, configurations, etc. Passive attacks will be deployed to gather intelligence about WiFi networks and active attacks will be used to exploit any vulnerabilities. Additionally, Netragard will make note of any non-Customer WiFi networks that are discovered.
Web Application Penetration Testing enables organizations to discover and remediate vulnerabilities in Web Applications and APIs. This service incorporates the 1OWASP-WSTG as appropriate and ensure OWASP top 10 coverage at a minimum.
Clients who provide mobile applications to their customers often require mobile application penetration testing. This service uncovers vulnerabilities in apps and provides detailed methods for remediation. Testing can be done against iOS and Android applications.
Social Engineering enables organizations to test against attackers attempting to manipulate them through deception using ‘social’ entry points. Social Engineering can be carried out through a variety of vectors, or entry points, that include phone calls, emails, social networking, in-person meetings, job applications, and more. Vectors are selected based on client requirements and intelligence gathered during reconnaissance.
Physical Security Assessments enable clients to identify and resolve vulnerabilities in their physical offices, warehouses, labs, and other areas. This service aims to identify the ways that physical security can be bypassed for the purpose of making entry into an otherwise restricted area. This service is ideal for datacenters, labs, banks, and other areas that require a high degree of physical security.
Our cloud penetration testing is designed to ensure that the systems and data stored in the cloud do not introduce any new or unidentified risks into the organization. The assessment reviews the architecture and settings of the client’s cloud services and network to determine any misconfigurations that would jeopardize the Confidentiality, Integrity, and Availability of data contained within the cloud resources.
Our advisory and consulting services are customized to provide clients with advice and direction related to the security of their systems, applications, infrastructures, policies, and documentation. Each service is custom tailored to the specific needs of our clients to guide business success through cybersecurity strategy.
Netragard offers an extensive range of professional services and a high degree of specialization. We serve both private and public companies.
A Silver Level Penetration Test is consistent with industry standard penetration testing services. The Silver Level relies on automated vulnerability scanning with manual testing to discover common vulnerabilities.
A Gold Level Penetration Test ensures advanced technical depth and coverage for network connected devices and web applications using our proprietary Real Time Dynamic Testing™ methodology.
A Platinum Level Penetration Test provides maximum testing depth and coverage, exceeding what one would experience in a real-world threat. We use a variety of custom tools and techniques such as Real Time Dynamic Testing™, pseudo malware, social engineering and more.
Real Time Dynamic Testing™ is an advanced penetration testing methodology that is unique to Netragard and derived from vulnerability research & exploit development practices.
The methodology is highly extensible and often incorporates components from the OWASP, the OSSTMM, bleeding edge offensive tactics, and more. Real Time Dynamic Testing™ can be delivered entirely without automated vulnerability scanning.
The Path to Compromise is the path that an attacker takes to move laterally and/or vertically from an initial point of breach to areas where sensitive data can be accessed.
Understanding the Path to Compromise enables organizations to deploy effective defenses that detect and prevent active breaches from becoming damaging.
All customers who undergo a penetration test with us have the opportunity to earn a Certificate of Security if they successfully resolve all identified issues regardless of severity within a 60 day window.