SECURITY ENGINEERING & ARCHITECTURE 

Netneering

  • Understanding of the System Development Life Cycle (SDLC) and security controls that should be in place
  • Evaluate security components against their ability to resist threats in the deployed environment.
  • Provide penetration testing across the Application, System, Network, and Physical Layers
  • The results of Penetration Testing/Ethical Hacking exercises must be reported in a format that can be presented to a wide variety of audiences with different technical skill/knowledge levels

Penetration Testing
















Key Attributes:
























Penetration Testing Types
Description
White Box
 The customer intervenes with part of the discovery and planning phases to provide specific information that will aid in the penetration testing.

Black Box

 Allow us to use any tools, processes, or procedures within a reasonable expectation to attempt to penetrate your environment.  The customer provides almost no information.
Grey Box
 Utilize a mixture of white box and black box  techniques to perform penetration testing.


Purpose:  A Penetration Test is conducted to understand the overall security posture of an organization  by using an offensive attacker's approach to intentionally breakdown security barriers to infiltrate networks, systems, or applications. 


At Netneering we understand the value of performing penetration tests to discover vulnerabilities and gaps before the perpetrators do.  Whether it is white, grey, or black box, each type of test has its applicability to your organizational function and need.

Item
WorkStreams
Description
1
Reconnaissance
 Using a number of resources, both public, private, or customer supplied to gear up for the attack.
2

Planning

Determine the type, magnitude, durations and other attributes of the attack in efforts to accomplish a desired end goal.
3
Attack Execution
 Guided by the planning, begin the offensive/active part of the attack campaign.
4
Maintaining AccessInstitute backdoors or measures to guarantee that subsequent access to compromised networks, systems, or applications remains intact.
5
Covering Tracks
 Measures taken to cover up areas which have been exploited so as not to alert the victim or other attackers.