Penetration Testing

Penetration Testing or Vulnerability Assessment?

The answer is… “BOTH”!

While the two activities are distinctly different, we find our clients gain the most business value from a hybrid engagement.

Fundamentally penetration testing (aka pen-testing) differs from a vulnerability assessment in that pen-testing takes the additional actions to exploit discovered vulnerabilities, document the steps taken to do so and any counter measure observations.  In some circumstances confirmed exploitation is required for conclusive testing or to meet regulatory compliance.  In many cases taking a “do-no-harm” approach is all that is feasible, so that’s the course of action we take.

HUB Tech’s certified and highly skilled practitioners can provide either type of engagement under their strictest definition however what you need is more important to us than what an industry definition may limit.  Together we’ll determine what makes the most sense for you and get it done!

Informed and Empowered!

This service has been designed to help you realize a principle strategy in which “Offense” informs “Defense”.  Every organization has a unique attack surface and the means to reduce it.  Our goal is to help you understand where people, process, and technology constitute risk to your business and how to minimize that risk.

We serve as an independent and agnostic resource for you to gain the critical IT security insights you need to achieve and maintain acceptable risk.  Whether you’re a CEO, CISO, Compliance Officer, VP of Application Development, IT Director, or simply stated, the person responsible for ensuring effective IT security controls, we know how to present you with actionable findings.  Our technical, social, and business acumen enables us to deliver fact-based findings in the right context(s) for you to affect positive change in your security posture.

Highlights of Activities

  • External Vulnerability Scanning
  • External Penetration Testing
  • Wireless Security
  • Social Engineering/Phishing
  • Web Application Security
  • Physical Security Assessment
  • Internal Vulnerability Scanning
  • Internal Penetration Testing
  • Configuration Reviews
  • Security Policy and Operation Reviews
  • Mobile Device/Mobile Application Testing
  • Source & Binary Code Analysis and Testing

Many of these activities can and should be conducted on a continuous basis to ensure you’re always ahead of the ever changing threat landscape.  Ideal examples are Vulnerability Scanning-as-a-Service and Cyber Security Awareness Training & Testing  from the HUBcare portfolio.

Other Services You Can Engage:

  • IT Security Program / Policy Development & Auditing
  • IT Security Posture Maturity Assessments
  • Incident Management Program Development
  • Cyber Security Awareness Training
  • Regulatory Audit Preparedness and Response Assistance
  • Business Continuity & Disaster Recovery Planning