Don’t Hire a Penetration Testing Company Until You Read This Free Guide
11 questions you must ask a penetration testing firm before you hire them
Don’t fall for thinly disguised vulnerability scans being passed off as Penetration Tests. This penetration testing company hiring guide was featured on Forbes and can help you select the right penetration testing vendor when considering penetration testing companies. Not all penetration testing companies are created equal.
Gizmodo interview on the current state of security
You do not find the skill and depth of knowledge you need in a software package or canned script. You can only find that expertise in someone who has the passion for security and protection like Adriel (Netragard’s Founder) possesses. There are way too many IT Security Companies that can audit your network. There are very few of Adriel’s caliber who can assess your network from the stance of a black hat hacker all the while maintaining the integrity and professionalism your company demands and Adriel delivers. In the past my company has used other security firms for our audits. In the future there is only one choice now and that is Adriel and his team of professionals at Netragard!
Adriel (Netragard’s Founder) is truly a forerunner in the IT Security industry. I have been in the IT field for over 20 years and I have never met anyone more capable of protecting a company from hacking.
I worked with Adriel at an IT consulting firm when he was developing IDS/IPS systems for our high profile customers who needed extremely sophisticated security. Adriel took the time to understand the companies’ business needs, conduct security testing and assess the threat. He then implemented a custom security solution to meet and exceed their needs. Every customer was thrilled with Adriel’s work.
I would highly recommend Adriel to anyone looking for Computer Security Services.
Mr. Desautels (Netragard’s Founder) is an extremely brilliant individual who puts the words “counterhack” and “antihack” into context that could make just about anybody cringe at the mention of his name. His reputation is positive within the IT security community, and is fairly well-respected.
As a contributing and participating member to the SCADA and Control Systems Security mailing list (SCADASEC), Mr. Desautels has provided some very interesting and introspective commentary about *how* potential cyber-terrorists might think, ergo, get into the minds of the cyber-terrorist, and think like them, but do whatever is necessary to prevent loss of lives and property to whatever client is utilizing his expert talents. As the owner and one of the moderators for the SCADASEC list, Adriel has provided some very good insight that has caused many of our members to provide feedback, both positively and negatively. Either way, he gets people to THINK about things, and that IMHO, is VERY important.
Last, as an IT security and critical infrastructure researcher/professional, I would highly recommend Mr. Desautels for whatever is ailing his prospective client(s). If you were to hire Adriel, I would highly recommend him and his firm.
We received proposals from a half-dozen potential Vendors and Netragard’s proposal was by far the most comprehensive. They also seemed ahead of their competitors in essentially all technical security matters. We, therefore, selected them to perform a Blind External Penetration Test along with both remote and on-site social engineering. A thorough review of our physical security was also included.
We were very pleased with the results of their review. In tandem with our own IT Security Group, they were able to clearly identify where our IT security was strong and where it needed to be improved. They provided us with practical recommendations to improve not only our technical IT security, but also advised us of needed enhancements to our physical security, while also advising us on how to limit our susceptibility to social engineering tactics. We were very impressed with the Netragard Team and would consider them for future engagements.
Adriel (Netragard’s Founder) has been an exceptionally valuable resource for us as a security consultant.
His recommendations have been unbiased and honest; if given the option of telling you what you want to hear versus the actual truth of the matter, I feel Adriel will give us the truth every time.
It goes without saying that he holds a wealth of knowledge regarding IT/Internet security and best practices. His knowledge in this subject matter goes both deep and wide.
I look forward to working with Adriel in the future.
Depending on what your budget will tolerate, they are pretty good about working with you. I personally recommend them and no, I am not getting a kick back. Perhaps I should consider it though :-
I did send out an RFP and yes, I got pricing from $500.00 up to $12,000.00. Without question, we made the right decision in going with these folks.
We use Netragard to act as our White Hats. They are very good and cost effective. Before you select a vendor, do yourself a favor and talk with them. They did what they said they would do, when they said they would do it and at an agreed price. All work was performed remotely and all deliverables were electronic, including an executive summary and detailed analysis for my Engineering staff. They even went so far as to help us determine best practices, so as to mitigate our exposure. I couldn’t be happier with them.
“One of the reasons I decided to go with Netragard for my penetration testing needs is because it was the only vendor I could find that performed manual testing in the same vein as actual hackers out on the internet as opposed to automated scanning tools. Most vendors I found offered automated services only while my pen testing requirements demanded manual testing. So by simple disqualification, Netragard got my business! However, the main reason to select Netragard turned out to be their quality customer service and their track record in the industry. As long as I require penetration testing, I will be a client of Netragard. ”
– Matt Rosier
Billion Dollar Round Table
Our research-driven network security Penetration Testing services for companies are specifically designed to test entire IT Infrastructures or just individual systems. These services are ideal for HIPAA/HITECH, PCI/DSS, and other similar requirements.
Web Application Penetration Testing
Our Web Application Penetration Testing services are specifically designed for testing single Web Applications, or entire application farms. These services are ideal for HIPAA/HITECH, and PCI DSS requirements.
Our Vulnerability Assessment services are ideal for performing periodic checkups against entire IT infrastructures between Penetration Tests. These services are useful for helping to satisfy HIPAA/HITECH, PCI/DSS, and other similar requirements.
Penetration Testing Training Course
Learn how to do ethical hacking and penetration testing straight from Netragard, the company that gets paid to test Casinos, Banks, Hospitals, Government Organizations, and major Corporations around the world! Get answers direct from our seasoned engineers to every single one of your questions. We hold nothing back.
- Experience: Big4, Pharmaceutical
- Years of experience in penetration testing: 15 years
- Certifications: CISSP, CEH, PCI-QSA, OSSTMM OPSA, OSSTMM OPST, ISACA
- Expertise: Network, Web Application, Social Engineering, Vulnerability Research
- Industries Tested: Cloud/SaaS, Critical Infra./Utilities(SCADA), Defense, Finance, Gambling/Casino, Insurance, Manufacturing, Media, Retail, Pharmaceutical, Healthcare, Public Administration
- Experience: Defense, Energy
- Years of experience in penetration testing: 10 years
- Expertise: Network, Web Application, Social Engineering, Physical Security
- Industries Tested: Gambling/Casino, Transportation, Pharmaceutical/Healthcare, Finance, Retail
- Experience: Aviation Network Systems, Consulting
- Years of experience in penetration testing: 15 years
- Expertise: Network, Web Application, Social Engineering, Physical Security, Vulnerability Research
- Industries Tested: Cloud/SaaS, Critical Infra./Utilities(SCADA), Finance, Manufacturing, Pharmaceutical, Healthcare, Public Administration, Retail
- Experience: Finance, Cert. Authority, Big4
- Years of experience in penetration testing: 8 years
- Certifications: CISSP, CSSLP, ITIL v3 foundation, CEH, CISA, OSCP
- Expertise: Network, Web Application, Code Review (Java, C++/C#/.NET), Social Engineering, Reverse Engineering
- Industries Tested: Finance, Media, SaaS/Cloud, Cert. Authority
Penetration Testing Definition
The term “Penetration Test”, as defined by the English dictionary, means to identify the presence of points where something can find or force its way into or through something else.
Penetration Testing is not unique to IT Security and is used in a wide range of other industries, including but not limited to soil penetration testing, armor penetration testing, and chemical penetration testing. When applied to IT Security, Penetration Testing is most often used to positively identify points of vulnerability.
Since Penetration Tests are tests, they must determine the genuineness of the vulnerabilities that they identify, hence the word “test”.
In most, if not all, cases this determination is done through exploitation. If a potential issue is successfully exploited, then it is determined to be a genuine vulnerability and is reported.
Findings that cannot be exploited are either not reported or are reported as theoretical findings when justified. Because Penetration Tests prove the genuineness of vulnerabilities, their deliverables should always be free of false positives.