Penetration Testing

An attack on a computer system that is carried out with the aim of finding and fixing security weaknesses.

Why is Penetration Testing Necessary?

Penetration Testing is used to determine if an organization’s security is robust enough to protect the Confidentiality, Integrity and/or Availability of the data that it accesses, contains, or processes. It is an ideal service for improving overall security, but in many cases penetration testing is carried out to satisfy regulatory requirements. For example, a PCI Penetration Test would satisfy the requirements outlined by the Payment Card Industry Data Security Standard (PCI-DSS), a HIPAA Penetration Test would satisfy the requirements outlined by the Health Insurance Portability and Accountability Act (HIPAA), an FDIC Penetration Test would satisfy the recommendations made by the FDIC, and the list goes on.

“We use Netragard to act as our White Hats. They are very good and cost effective. Before you select a vendor, do yourself a favor and talk with them.” -Financial Institution

Pen Test Service Levels

We understand that different organizations have different drivers behind their penetration testing needs. To help address this, we offer three highly configurable service levels to our customers. The Silver level is our entry-level option and provides coverage that is consistent with the industry standard. The Gold and Platinum levels are more advanced and use a research-based methodology called Real Time Dynamic Testing™.

Silver Network Penetration Testing

Silver level Network Penetration Testing produces a level of threat consistent with the industry standard. At this level testing begins by running one or more automated vulnerability scanners against the in-scope targets. When the scans are complete the results are reviewed, and any identified vulnerabilities are confirmed through active exploitation. This level of service is ideal for clients looking to receive a low-cost test that will satisfy some security requirements.

Gold Network Penetration Testing

Gold level Network Penetration Testing produces a level of threat that is substantially greater than the industry standard. This level of service uses Real Time Dynamic Testing™, an advanced research-based methodology that incorporates over 20 years of 0-day vulnerability research and exploit development experience. The Gold level specifically tests network connected devices such as servers, desktops, web applications, etc. This service aims to test customers at a level of threat that is at least realistic from a technological perspective. The Gold level of service offers a limited set of Threat Augmentation Modules (“TAMS”) such as statistical spear phishing and distributed metastasis (aka pivoting).

Platinum Network Penetration Testing

Platinum level Network Penetration Tests produce a level of threat specifically designed to match the capabilities of real-world threat actors. That threat can range from basic (script kid) to highly advanced (nation state). At this threat level a wider variety of TAMS are available, which include Advanced Social Engineering, Advanced Physical Security Testing, Stealth / Evasive Testing, 0-Day malware (it's safe, we made it), the deployment of clone networks, distributed attacks, distributed scanning, covert distributed metastasis, the creation and deployment of weaponized hardware (see our PRION mouse), and much more. This service level also uses Real Time Dynamic Testing™ and can be delivered with or without the use of automated vulnerability scanners. When operating at the Platinum level of service in an unrestricted capacity we maintain a 98.6% success rate at domain compromise from the vantage point of an unauthenticated external threat.

Authentic Manual Testing

Our prices are based on manual testing and not automated tools. If an engagement requires any amount of automation, then the cost of service is discounted proportionally because automation detracts from manual work. We provide free vulnerability scanning to existing customers on an as-requested basis.

See our free vendor selection guide for more details.

Real Time Dynamic Testing™

Real Time Dynamic Testing™ is an advanced penetration testing methodology that is unique to Netragard. It incorporates key aspects of Netragard’s 20+ years of experience in performing 0-day vulnerability research and exploit development. The methodology is highly extensible and often incorporates components from the OWASP, the OSSTMM, bleeding edge offensive tactics, and more. Real Time Dynamic Testing™ can be delivered entirely without automated vulnerability scanning.

We Protect You From People Like Us
