PCI DSS § 11.3 requires internal and external penetration tests at least annually and after any significant changes. This includes both network-layer and application-layer tests.
NIST SP 800-53 § CA-2, CA-7, PE-3, RA-5, and SA-12 all include penetration test control enhancements that can be used to meet FISMA objectives.
Our methodology is a hybrid approach based on the best attributes of de facto standards such as the Open Source Security Testing Methodology Manual (OSSTMM) and NIST SP 800-115.
TECH LOCK's penetration testing service provides our clients with an accurate view of their security posture.
A vulnerability scan can only take you so far; our team can perform the following types of penetration tests according to criteria aligned with your organization’s goals:
Black Box, White Box
Our team can be equipped with as little or as much foreknowledge as you wish. Traditionally, a black box penetration test is where the penetration tester begins with little detail about the target (other than the scope). A white box penetration test is where the penetration tester begins with full knowledge of the target.
Network / Application Penetration Testing
Most penetration tests include network and application penetration testing as standard.
Web Application Penetration Testing
Web application penetration testing includes identifying and exploiting SQL injection flaws, and combining other methods, such as social engineering, in cross-site scripting and cross-site request forgery attacks.
Social engineering involves human interaction. Examples of techniques employed are phishing e-mails and telephone calls used to obtain credentials and access to internal systems.
Premise / Physical Security Testing
A network can be technically secure but physically vulnerable. Regularly testing physical security controls can be just as important as a network penetration test.