Tec-Refresh conducts an annual penetration test based on the Penetration Testing Execution Standard (PTES) and Open Web Application Security Project (OWASP) testing guidelines, as well as on ongoing research.
If necessary, we conduct testing in accordance with Payment Card Industry (PCI) guidelines or Health Insurance Portability and Accountability Act (HIPAA) standards. We design all of our testing engagements to meet or exceed compliance requirements.
What’s typically involved with Penetration Testing?
- Not just running a scan and sending a pen test report. The majority of penetration testing (~80%) is manual: run a scan to find vulnerabilities, then manually exploit them.
- Look at the network widely and deeply.
- Pen tests don’t stop at getting access; once in, Tec-Refresh works on getting deeper access. Example: exploit Active Directory to get admin users, then do password-cracking on those accounts.
- Pen test reporting is manual too, explaining what was discovered, how it was discovered, what the threat is, and how to defend against it.
- Almost always find critical vulnerabilities, even in organizations that have security staff.
- Reports identify critical, high, medium, and low risks, and recommended steps to correct them. Once the customer feels they’ve addressed those, Tec-Refresh tests again for those specific identified threats.
Business Benefits of Tec-Refresh’s Network Pen Testing
- Knowledge of threats.
- Be compliant (for some types of compliance, such as PCI, the customer must have a third-party test).
- Increase network security.
- Peace of mind from knowing the network is secure.
Tec-Refresh, Inc. is an information security consulting firm which provides managed security services, risk management, and compliance services. Efrem Gonzales founded the company in 2010 on the principle of putting the customer first. Our solutions reduce complexity, simplify device compliance, and enhance network security. Contact us to see how we can put our IT expertise and experience to work for you!