Penetration Testing Services & Vulnerability Assessment
GEO specializes in manual penetration testing (pentest) services for web applications, mobile applications, desktop applications, servers, APIs, and external networks, in compliance with ISO-27001 control 12.6.
Security vulnerabilities are a reality the digital world faces at a rapid pace. Given this reality, white-hat penetration testing (also known as pen-testing) has become a critical method for protecting systems and applications from security vulnerabilities.
The goal of this service is to uncover vulnerabilities in a target system so that the development team can correct them. Pen-testers act as real attackers, attempting to compromise the system to learn how effective the performed attacks are.
Outsourcing Pen Testing as a Service is a common practice for businesses across various industries. One major benefit of outsourcing pen-testing is staying up to date with the latest tools and technologies on the market. By outsourcing your pen-testing to GEO-OPS, you ensure that your IT systems' vulnerabilities are professionally evaluated and countermeasures are implemented.
Regularly scheduled network scanning through pentesting can help your organization identify vulnerabilities in your network security before flaws are maliciously exploited in the wild by hackers.
GEO's Penetration Testing services ensure that your ISMS complies with ISO-27001 control 12.6, Technical vulnerability management, which states:
“The organization should be able to obtain information about vulnerabilities of its information systems, its exposure to such vulnerabilities should be evaluated and appropriate measures should be taken to address the risks.”
Throughout this assessment, GEO-OPS uses an arsenal of custom, commercial, and open-source tools. Below is a list of the tools we commonly use:
- Network Mapper (NMAP) – A security scanner used to discover hosts and services on a computer network, thus creating a “map” of the network. To accomplish its goal, NMAP sends specially crafted packets to the target host and then analyses the responses.
- Nessus vulnerability scanner – A proprietary, comprehensive vulnerability scanner developed by Tenable Network Security. This tool allows for controlled scanning of hosts to identify known vulnerabilities, system misconfigurations, default passwords, and denial of service (DoS) susceptibility.
- Burp Suite Web Application Security Platform – A package of tools for assessing modern web applications. Burp provides functionality for web spidering, scanning, and custom manipulation of web application inputs.
- Metasploit Framework – A framework that simplifies exploitation, persistence, and data acquisition of compromised hosts.
- cURL – A computer software project providing a library and command-line tool for transferring data using various protocols.
- SSLScan – Queries SSL services, such as HTTPS and SMTP services that support STARTTLS, in order to determine the ciphers that are supported.
- Kali Linux – A Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd.
With each pentesting project, our clients receive a full and comprehensive report with:
- A detailed description and proof of concept for each finding
- Actionable remediation plan and real-time feedback
- Risk severity mappings and insight into the level of effort needed to remediate the findings
- Positive findings that call out what security controls you have that are effective
- Descriptions, screenshots, and suggested fixes for vulnerabilities
GEO follows the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) and the OWASP Testing Guide.
GEO advocates a continuous cycle of penetration testing, vulnerability assessment, and remediation. Your security posture is always changing, so ensuring your continued cyber-security requires an ongoing program of testing, remediation, and vulnerability management.
Contact GEO today for a manual PenTest of your web applications, servers, and network vulnerabilities and security risks!