Types of High Bit Security Penetration Testing
This page is not intended to list all possible types of penetration tests, or even all of the types that we perform. It is intended to describe the coverage of the common testing that we list on our published pricing page, and clarify some of the terms used on that page. If you are looking for detail about our methods for testing, this can be found in our published methodologies section.
The terms 'External' and 'Internal', as used in our price schedule, refer to our viewpoint for the engagement.
External means that we are testing your systems from an external viewpoint, and usually means we are testing systems that are intended to be reachable by external users or systems, even if access is restricted. For an External engagement, the IP addresses of targets would be in the IANA public IP address space, and our source IPs for testing would also be in the public IP address space.
Internal means that we are testing your systems from an internal viewpoint, and usually means we are testing systems that are intended to be reachable only by users or systems on your internal network. For an Internal engagement, the IP addresses of targets would be in the IANA IP address space reserved for private use (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), and our testing would be conducted from a host that is actually provisioned on your internal network, or by VPN.
So, to sum up, External and Internal describe viewpoints. A web application test, for instance, could be External, if the application is reachable in the public IP space, or Internal, if the application can only be reached on your internal network.
Types of Penetration Testing:
Network Penetration Test. For us, the Network Penetration Test is the basic package to which other types of testing can be added. For that reason, our Network Penetration Test pricing includes costs for basic overhead considerations like scope validation, reporting time, and so forth. If you need one of the tests described below, but don't need a Network Penetration Test, we can accommodate it but we will need to adjust pricing to cover the overhead.
Network penetration testing includes firewall configuration testing, including statefull analysis tests and common firewall bypass testing, IPS evasion, DNS attacks including zone transfer testing, switching and routing issues and other network related testing. For us, it also includes a full port scan and subsequent testing of all discovered services on any host that is identified as a testing target. Common services like SSH, SQL Server, MySQL and other database services, SMTP, FTP etc. are all included. Standard, well known web applications like Microsoft Outlook logon pages, standard administrative interfaces for firewalls, printers and other standard administrative web pages are also included and will receive black box testing if discovered. In fact, everything we discover during a port scan will receive testing.
What Network Penetration Testing does not include is deep testing of any applications or services that you have written or customized. Detailed testing of custom web applications requires a web application test. We can test custom non-web applications or services as well, but we need detailed information about them and they are not included in our standard Network Penetration test. Wireless Penetration Testing and Social Engineering are also not included.
Network Penetration Testing can have an External or an Internal viewpoint.
Web Application Penetration Testing. The reason we don't include Web Application Testing in our standard Network package is because web applications are complex, and require a significant amount of time and attention to test thoroughly and correctly. To list everything we test in a web application would require many pages. Fortunately, there is an organization that is internationally respected on this issue, and that makes it easy for us to describe our coverage because they've already written those (200 plus) pages. We test for every vulnerability listed in the current OWASP testing guide, and not just the 'top ten'.
There are some factors that may require us to price web applications differently than published. If the application exposes important functionality that is handled by components like ActiveX, Silverlight or Java Applets, we may have to use different tools and may need to adjust prices. Also, it is very difficult to actually define what constitutes a single web application. We would not, for instance, be willing to test all of google.com at our published flat price. We do reserve the right to make that determination, but in most cases we will be able to honor the prices we publish.
One other important point should be made here, and that involves web services. If your application makes use of, or provides, a web service API, we may be able to test your web application and your API together, for one price. This depends on architecture and also on whether your application makes use of all of the API functions.
Web Application Penetration Testing can have an External or an Internal viewpoint.
Wireless Penetration Test. Our Wireless Penetration Testing includes identification of weak protocols, discovery and identification of potential rogue access points, testing for default or weak administrative credentials, weak Pre-Shared keys, mis-association and dis-association attacks, and common client station misconfiguration.
Wireless Penetration Testing is normally conducted in conjunction with an Internal engagement because it requires placement of our equipment within range of your wireless network signals.
Social Engineering. We divide Social Engineering into two categories: Remote, and Physical.
The Remote category includes email based spear-phishing attacks for up to 100 targets and other electronic attacks intended to bait network and security personnel. This testing requires a great deal of research on individual targets to be effective, and also requires serious attention to morale considerations and safety considerations, especially where electronic payloads are involved. We cover more on that in our methodologies section.
Remote Social Engineering is the type of Social Engineering on our price sheet, and is usually conducted in conjunction with an External engagement.
The Physical category of Social Engineering includes infectious media drops, physical security, dumpster diving, impersonation, and other attacks that require a physical presence. This is a type of testing that includes far too many variables for us to publish a flat price. Please contact us for a discussion of your requirements, and we'll provide a quote.
Physical Social Engineering is usually conducted in conjunction with an Internal engagement.
This page has presented a brief treatment of the different types of testing listed on our price sheet, and does not cover everything we do. Also, there are very important methodology considerations that can impact quality, safety and stability that are not covered here, but are covered in the methodology section.
Ask us for a free, quick, no hassle quote using the contact form above.