Penetration Testing

Network penetration tests evaluate on-premise networks’ security, including both external and internal facing services. These services can be almost anything but are typically networked services like SSH, HTTP, FTP, email, and devices printers, firewalls, intrusion-detection systems, and any other networked endpoint.

Mobile application penetration tests are typically performed on iOS and Android applications. These assessments are focused on testing the contents of the application bundle itself and the application’s interactions with backend services such as APIs and databases.

Cloud penetration testing focuses on testing the cloud infrastructure hosted via the many different cloud providers. Cloud penetration testing is often performed against AWS, Google Cloud Services, and Azure but is relevant for any cloud service provider.

Web application penetration tests focus on testing the many components of a web application, including the application’s front-end functionality, backend business logic, connected databases, APIs, and integrations with external services.

Common web application vulnerabilities include those listed in the OWASP Top Ten Application Security Risks such as injection, broken authentication, sensitive data exposure, and broken access controls.

Vulnerability assessments seek to identify as many vulnerabilities and security weaknesses as possible during the testing window. Vulnerability assessments are often confused with penetration tests because they share many similarities; however, the goal of a penetration test is “depth-first” and targeted toward attacking specific components, whereas a vulnerability assessment is “breadth-first” and used to establish a security baseline for several in-scope components.