Penetration Testing- Vulnerability Management

HMC3 : Types of Pentesting Overview


  • Web App

    • Targeted Defense pen test comprehensively assesses the security of authenticated & unauthenticated web apps and APIs

  • Identifies all security risks, including OWASP
  • Authenticated, unauthenticated, & API testing
  • Includes DAST scans and SDLC integration for web based sites
  • Cloud

    • Assessment of security cloud infrastructure & applications from all major vendors including AWS, GCP, M365, Azure, Salesforce, and more.

  • AWS, Azure, GCP +
  • Includes IaaS and PaaS
  • Includes M365 configuration reviews and testing
  • Network Testing

    • Internal and external network & infrastructure assessments for complete visibility over security weaknesses

  • Check services, patches, & configuration levels
  • Using multiple test tools to test external and internal testing
  • Following PTES best practices
  • Mobile App Testing

    • We test apps for iOS, Android and other platforms to ensure security and safety across all devices.

  • Proven iOS and Android expertise
  • SAST and Source Code reviews
  • Gap analysis and recommendations for uncovered insecure functionality

Areas of Penetration Testing


  • (1 Day) – Infrastructure Surface Review

    • Designed to simulate attack patterns of an opportunistic hacker and validates and exploits known vulnerabilities identified during automated vulnerability assessments. Time-limited testing focused on reducing the risk of opportunistic attackers breaching defenses.

  • Service enumeration
  • Patch Management
  • Exploitation of known applicable vulnerabilities
  • Information disclosure – content discovery of config files and sensitive data
  • Cryptography – encryption protocols & ciphers
  • Authentication bypass – SSO/MFA weak or default credential testing.

    • Replicates the attack methods of hackers by confirming and exploiting security weaknesses found during automated vulnerability assessments.

  • Patch Management – Web Servers and Libraries
  • Information Disclosure – content discovery of config & sensitive data
  • Cryptography – encryption protocols & ciphers
  • Authentication Bypass – weak/default credentials
  • Injection-based testing – applicable as XXX, SQL, HTML, XML, and JSON
  • (2 Day) – O365 Surface Review

    • Designed to uncover insecure configurations and non-conformances in O365. Maps to security patches and best practices from O365 and ideal for businesses wanting a holistic review of a O365 deployment.

  • Access Control Management
  • Applied security controls to applicable products such as Exchange, SharePoint and Teams.
  • (Full Support Team) – Targeted Defense Pentest

    • This is an exhaustive penetration test, modelling a targeted attack against the company. Using a variety of different pentesting tools. Using all of the current tools and techniques available to a real-world cyber criminal to meet the companies specific security objectives.

  • Continuous protection – protects a company 24/7 with automated scans included in every penetration test.
  • Lowers the cost of monthly, quarterly, six month Pentests and doesn’t sacrifice quality
  • Uncover security weaknesses with a mix of human and tool insights
  • Fix issues fast with remediation advice
  • Automated security scans to continuously cover the latest security threats
  • Supports sales growth by giving your customers confidence that you take their security seriously
  • Ensures companies meet compliance standards ISO 27001, PCI DSS, GDPR, SOC2, NIST-CSF, and many more

HMC3 Testing Methodology


Image

1 - Scope definition & pre-engagement interactions

Based on your defined goals, we'll work with you to develop a tailored testing strategy.
Image

2 - Intelligence gathering & threat modelling

In this reconnaissance stage, our experts use the latest groundbreaking techniques to gather as much security information as possible.
Image

3 - Vulnerability analysis

Using the latest tools and sector knowledge, we will uncover what’s making your critical assets vulnerable and at risk from attack.
Image

4 - Exploitation

Using a range of custom-made exploits and existing software, our penetration testers will test all core infrastructure and components without disrupting your business.
Image

5 - Post-exploitation

The team will determine the risks and pivot to other systems and networks if within the scope of the test. All compromised systems will be thoroughly cleaned of any scripts.
Image

6 - Reporting

Our security team will produce a comprehensive report with their findings. You'll have the opportunity to ask questions and request further information on key aspects of your test.
Image

7 - Continuous Security

New threats are discovered every day, so Target Defense includes automated security scans to help you keep on top of new security weaknesses.
Contact Us

©2023 HMC3. All rights reserved.