NetSieben engineers are trained in a variety of tools and possess advanced knowledge in a wide range of hacking techniques such as SQL injection or SOAP method fuzzing. They are able to simulate real world scenarios, demonstrating what would happen if an organization's network environment was exposed to a real attack.

Even though this process can take much longer, it filters a variety of false positives and provides proof of attack vectors from where a hacker may obtain access to sensitive and confidential information. It also demonstrates how an effective attack can be launched by correlating knowledge obtained from other parts of the organizations network or by social engineering. A report is generated showing how the network was compromised and how to mitigate the risks.

| External Penetration Testing | Internal Penetration Testing |
| Pre deployment testing |

External Penetration Testing

The test concentrates on publicly available network resources such as company websites, E-commerce applications and Email servers. It exposes the vulnerabilities of the edge architecture helping the organization recognize the weaknesses in it's access controls and documented security policies. Issues can be remediated before they are exploited avoiding costly downtime or the loss of sensitive information.

NetSieben Technologies is able to conduct different forms of this test. The first type is known as "black box" test in which no prior information is giving to NetSieben by the organization. The entire test is based on publicly available information, best simulating the real world environment.

The second is a "gray box" test where NetSieben is provided with IP addresses and a brief overview of the network. The third is "white box" test where detailed network information is provided before the test.

NetSieben follows it's own custom testing methodology adjusted to the client's needs and the type type of test to be conducted.

At the end of the test a report is generated outlining each vulnerability discovered, as well as the successfully exploited attack vectors sorted by severity. Remediation suggestions are also provided for each vulnerability found.

Internal Penetration Testing

Within an organization different levels of access are required by different employees. For example the finance department will access financial data and applications which should not be accessed by a help-desk technician.

Internal vulnerability assessments reveal the most of obvious security issues. To detect more subtle vulnerabilities such as a SQL Injection or other application design flaws in the Intranet, it is recommended to perform an Internal Penetration Test. The methodology of internal test is similar to that of external penetration test. NetSieben engineers work in the organization's environment with the same rights as one of the users and try to gain access to the data that should not be available at the user's level of privileges.

The test helps to establish how effectively the access of controls are deployed, and how effective are the organization's documented security policies.

Pre deployment testing

After an organization has had a penetration test performed and remediated all the discovered risks, it is recommended that all new applications be tested before they are deployed in a production environment. This is especially important for the Internet facing resources.

NetSieben engineers have extensive experience in testing a variety of applications including home grown custom Web applications. Understanding a wide range of technologies allows the engineers to run custom and manual tests against the applications. This process will discover vulnerabilities that no automated tool will find.

For more information or pricing please call us at (866) 395-1047 or fill out this secure form.