Performed from inside the network to determine how much information an employee or contractor can acquire without detection.
In today’s hyper-connected world, remote testing helps add efficiency to security best practices, allowing SMP consultants to reach outside their immediate area and into organizations across the globe. By testing remotely, SMP supports ongoing security assessments and continuous monitoring throughout the year, rather than by engagement as needed. The remote testing approach offers added assurance for organizations looking to reinforce their security infrastructure.
Assesses the security of an authorized wireless network while identifying rogue access points, mapping an area's wireless activity and highlighting signal leakage.
Policy and Controls Review
Network Architecture Review
Web Application Assessments
Uses an in-depth probing to fully test access controls in order to find configuration deficiencies and security vulnerabilities. Common web application exploits often include SQL injections, cross-site scripting, request forgeries, directory transversals, buffer overflow checks and 'remote file includes' in PHP.
Social Engineering Assessment
Validates the strength of your policies, the comprehension and compliance of staff, and the viability of technical controls. We report areas of concern, identifies failures in best practice, documents compliance issues, and provides recommendations for improvement. SMP can help re-mediate weaknesses and assist in the development and implementation of security awareness training programs.
Mobile Application Security Assessment
Includes evaluation of overall mobile infrastructure; penetration tests on mobile clients and the servers that control them; assessment of the security of all mobile devices (iPhone, Android, tablets, etc.) and apps to determine their susceptibility to data breaches; and evaluation of the gap between current policies and procedures and known best practices.
External Vulnerability & Penetration Testing
Scans all located and responding Hosts from the Network and Host Discovery phase to identify all known security vulnerabilities. The External Penetration Testing analysis consists of actual testing of the vulnerabilities found during scanning to assess how far an intruder can penetrate the network. Mission critical applications operating through an organization’s firewall should be tested if vulnerabilities exist and patching or architectural changes do not significantly reduce exposure.
Active Directory Assessment
In most organizations, Active Directory serves as the foundation for IT and most applications in use. A highly dynamic component, Active Directory often causes limited assurance in security best practices, and misconfigurations leave the organization exposed to both internal and external threats.
With Active Directory Assessment, SMP leverages common flaws to compromise an account and escalate privileges in order to gain administrative access. In doing so, whether on-site or remotely, SMP illuminates current security configuration issues, and provides a detailed report complete with practical impact and recommended remediation steps to prevent the possibility of such attacks in the future.