Web Application Pen Testing
Web Application testing is essential to ensure your front-facing systems are protected. Stetson Cybergroup will evaluate the security of a web application with Penetration Testing Execution Standards and, using the OWASP standard testing checklist, will check for application technology weaknesses, technical flaws, or other vulnerabilities. Stetson Cybergroup will also test for any account takeover privileges through host header attacks. Upon completion, a comprehensive report will be provided on the results and include recommended remediation actions where needed.
Internal Penetration Testing
Over seventy percent of attacks occur from inside the network. This number continues to grow with espionage, rogue employees, and social engineering at a high. Our goal is to determine the potential impact a security breach can have on your organization and validating how easy an attacker can maneuver or escalate your environment to overcome your security infrastructure. Upon completion, a comprehensive report will be provided on the results and include recommended remediation actions where needed.
External Penetration Testing
Stetson will perform dynamic analysis for any potential vulnerabilities, which may result from an inadequate or improper configuration, known and unknown software/hardware flaws, or operational weaknesses in processes and technical countermeasures. The analysis is carried out from the position of an advisory/hacker and involves active exploitation of vulnerabilities where Stetson Cybergroup’s team attempts to compromise external and internal assets. All technology vulnerabilities will be analyzed against know CVE’s. Upon completion, a comprehensive report will be provided on the results and include recommended remediation actions where needed.
While securing your network, a threat hunt should always be performed. A threat hunt looks for active threats on your network and results in a report of all files or logs that match a certain criterion. With the way malware works, it can mean it is posturing itself inside your network for long periods of time before it will execute. Using network deployment tools, we access each PC and evaluate every file and log that could be potential indicators of an active threat. Upon completion, a comprehensive report will be provided on the results and include recommended remediation actions where needed.
Stetson uses industry-leading tools to provide vulnerability scans for any device on your network. Vulnerability scans to test for areas of weakness in a system and return analysis of security issues on your host device. Running vulnerability scans on your systems makes sure your systems stay secure and are also the first resource to employ when you think a device might be vulnerable or compromised.
Vulnerability scans can be completed by using Stetson’s vulnerability services on any system or equipment associated with your network.
Incident Response Tabletop Exercises
A tabletop exercise is a simulated real-world situation lead by a team leader. You can interact to exercise as they unfold in a controlled setting. Typically, the key members are involved that would be affected by an incident. How do you know if your plan will work? A plan that has not been tested may not work when a situation arises.
The exercise should be interactive, allowing all members to question and analyze the plan’s effectiveness. Testing your business continuity, data recovery, and incident response plans will help to find areas of improvement before a real incident occurs.