© Copyright 2010-2019 Brier & Thorn, Inc.

Penetration Test

OUR INCIDENT RESPONSE TEAM GOES BEYOND DATA COLLECTION AND MALWARE ANALYSIS TO INVESTIGATING YOUR ENTERPRISE ENVIRONMENT AND DISCOVERING DIGITAL ARTIFACTS ON LAPTOPS, DESKTOPS, USB DEVICES, SMART PHONES, TABLETS, SERVERS, AND CLOUD DRIVES.

WHY WE DO IT

You need a clear view of the risks in respect to the company confidential or consumer information that you transmit or store on behalf of those who trust you with it. Furthermore, the need to understand the intricacies of complex technical solutions, interpret technical jargon and consider vulnerabilities in the context of impact to your business is increasingly a challenge for managers and stakeholders.

 

A penetration test presents a focused view of potential risks to information in the context of attack, loss of service, and impacts to data integrity, from any threat source.

 

WHAT WE DO

 

We believe that being a trusted adviser means helping you understand your key risks and exposures — both in your own IT infrastructure and the infrastructure of your service providers and supply chains. Our dedicated team has identified unpublished vulnerabilities in vendor products, performed over 100 network and application penetration tests, performed penetration testing of IoT (Internet of Things) devices, such as medical devices and even infotainment systems for automobiles, as well as passenger airliners.

Our methodology evaluates the severity of vulnerabilities in the context of your risk profile. This will provide you with a clear direction towards mitigating the highest and most concerning vulnerabilities. 

Our testing process is driven by (6) fundamental steps adhering to the industry accepted penetration testing execution standard (PTES) for methodology and for web application penetration tests follows the OWASP web application penetration testing guide.

The steps we follow in a penetration test cover:

·        Intelligence Gathering

·        Threat Modeling

·        Vulnerability Analysis

·        Exploitation

·        Post-Exploitation

·        Reporting

OUR CAPABILITIES

  1.       Static Code Analysis

  2.       Dynamic Code Analysis

  3.       Network and Web Application Penetration Tests

  4.       External Penetration Testing

  5.     Internal Penetration Testing