Penetration Testing

A service designed to identify the presence of points where something (the hacker threat) can find or force its way into or through something else (your defenses / your IT infrastructure, etc). Netragard’s Penetration Testing services are guaranteed to contain no false positives. If any of our Penetration Testing reports contain even a single false positive then we will deliver the next test of equal size and value free of charge.

Vulnerability Assessments

A service that provides an estimate or best guess as to how susceptible something (your IT Infrastructure, defenses, etc) is to attack or damage. Because Vulnerability Assessments provide a best guess, the deliverables that they produce will almost always contain a small number of false positives. This service differens from Penetration Testing services as Penetration Test prove the existence of vulnerabilities via exploitation. Vulnerability Assessments assess and do not exploit.

Web Application Penetration Testing

A Web Application is any program that can be accessed through a web server (like Apache, IIS, etc.) but not necessarily with a web browser (like Firefox, Internet Explorer, Safari, etc). Examples of Web Applications include online banking portals, websites that are managed by Content Management Systems (like Joomla, Mambo, WordPress, etc.), e-commerce websites, subversion (aka svn), Web Services, etc. Web Applications are most commonly delivered through websites but not always.

Netragard’s Web Application Penetration Testing services are derived from the the Open Web Application Security Project (OWASP) and heavily augmented by Real Time Dynamic Testing. OWASP is the de facto standard for designing and testing secure web applications.

Research & Development

Vulnerability Research is the process by which security flaws in technology are identified. Vulnerability research can but does not always involve reverse engineering, code analysis, static analysis, etc. Performing vulnerability research against technology pre-release enables technology vendors to provide their customers with higher quality products and higher levels of trust and security.


The Health Insurance Portability and Accountability Act of 1996 ((HIPAA)requires healthcare institutions to implement appropriate safeguards to protect electronic Protected health Information (ePHI) from “reasonably anticipated threats and hazards”. The Health Information for Economic and Clinical Health Act (HITECH) is a part of the American Recovery and Reinvestment Act of 2009 (ARRA) and contains specific incentives to help accelerate the adoption of Electronic Health Record (EHR) systems among providers. The HITECH Act also increases the scope of privacy and security protections under HIPAA, increases potential legal liability for compliance failures, and provides for more enforcement.

PCI / DSS 11.3 Penetration Testing

The Payment Card Industry Data Security Standard (PCI/DSS) is a set of policies created by MasterCard, Visa, American Express and Discover for the purpose of protecting cardholder data. The standard focuses predominately on six areas which are building a secure network, protecting cardholder data, maintaining a vulnerability management program, the implementation of strong access controls, the regular monitoring and testing of networks, and the maintenance and enforcement of a strong security policy.

Certification Program

Netragard’s Certification Program enables you to clearly demonstrate to your customers that you’ve taken the appropriate measures to harden single systems, web applications, or entire IT Infrastructures. Receiving certification from Netragard is a true testament to your security posture.