Penetration Testing
Protect your business by pinpointing areas of vulnerabilities and eliminating weaknesses
Penetration testing solutions
Proactively testing your cyber defenses is one of the best ways to ensure you’re safe from data breaches and other cyber threats. Foresite Cybersecurity pen testing helps to identify vulnerabilities in your systems and infrastructure before they can be used against you.
360° holistic penetration testing
Find and eliminate security gaps before they impact your business. Get a complete view of your vulnerabilities with internal, external, cloud, and web application pen testing solutions.
Third-party pen testing as a service (PTaaS)
Get a true understanding of your current security from an outsider’s perspective. Our penetration testing as a service (PTaaS) solution is an affordable option for businesses of all sizes.
White, gray, or black-box testing
Choose a whitelist assessment for total understanding of your internal infrastructure & application security, a black box test to see how your security holds up against attacks, or gray box for the best of both worlds.
Proactively detect and respond to cyber weaknesses
Customizable and scalable penetration testing for organizations of every size.
Comprehensive, custom-tailored pen testing
Your business isn’t one-size-fits-all, so why should your penetration assessments be? Our skilled and experienced team of penetration testers work with you to make the most of your testing engagement, helping you to find the answers to the questions that matter most to you.
Internal penetration testing
External pen testing
Cloud penetration testing
Web application penetration testing
Penetration Testing as a Service (PTaaS)
Proactive detection & response
The 3 types of penetration testing
Black-box testing
In black-box testing, the customer provides network access to resources/equipment. No network information is provided, except static IPs.
Best for: In-depth pen testing that mimics real-world attacks and tests all levels of security defenses (firewalls, EDR tools, etc).
Gray-box testing
In gray-box testing, the customer provides limited information such as number of active devices, number of subnets, and IP addresses/ranges.
Best for: Balancing depth and efficiency by simulating an insider threat or an attack that has breached the network perimeter.
White-box testing
In white-box testing, the customer provides detailed information about the network, including IP addresses and ranges, sensitive device IPs, network diagrams, and more.
Best for: Saving time & money, simulating a targeted attack on a specific system using as many attack vectors as possible.
Penetration testing steps
If using a black-box pen testing approach, we go through a process of “fingerprinting.” With no inside knowledge of your infrastructure, we identify access points and address ranges, find associated domain names, attempt to gain insight into user id/password makeup, identify potential social engineering avenues, and gather information about your infrastructure.
For black-box, gray-box, and white-box pen testing, we will identify all accessible hosts and their associated services and applications within the identified IP-ranges in their entirety. Where possible, identification will include system type, OS type, services type, and services version.
We identify vulnerabilities for each identified host and associated services using both public and proprietary techniques. Foresite will correlate the vulnerabilities to determine if a combination of vulnerabilities will allow for a larger exploit and provide a risk rating based upon technical, legal and regulatory, and business issues.
We then conduct a false positive analysis to confirm that the vulnerabilities found via scanning are indeed actual confirmed or potential vulnerabilities. This activity is conducted by a Foresite consultant using manual testing methods. Any exploit that would result in a Denial of Service, disrupt services or system access, or result in the actual penetration of the system and risk damaging the system will not be performed. These vulnerabilities will be listed as potential vulnerabilities and will require further investigation.
Penetration testing activities may be performed on specific network segments, VLANs, or whole networks and customized to your needs. Penetration testing includes exploitation and attempts to gain access via identified vulnerabilities to gather additional data or to devices. Upon gaining access to a device, Foresite will gather information to move laterally (if needed/required) within the environment. This may include installing tools on devices, adding user accounts, or use of installed software/applications for “malicious” actions. All tools and accounts to be removed upon completion of testing.
