Penetration Testing

Penetration Testing service provides cyber-attack simulations using real-world tactics, techniques, and procedures (TTPs).

Penetration Testing employs blended threat scenarios to test the effectiveness of your IT security defenses, policies, and staff.

TrustedSec delivers an integrated approach to assess your Information Security defenses by combining multiple testing strategies into a comprehensive offensive engagement, with the sole objective of gaining access to critical assets.

TrustedSec Attack Platform (TAP)

TAP performs Internal Penetration Tests, Wireless Assessments, and Incident Response without requiring a consultant to be sent on-site.

The TAP device can be connected at any point of the network and establishes a secure tunnel back to the TrustedSec headquarters. This helps to reduce travel expenses and allows additional consultants to collaborate on the assessment.

With TrustedSec, you can:

  • Improve your team’s organizational readiness
  • Gauge current performance levels
  • Improve training for defenders
  • Increase end-user Information Security awareness
  • Evaluate the effectiveness of your IT security defenses and controls
  • Gain objective insight into vulnerabilities that may exist within your environment

PENETRATION TESTING EXECUTION STANDARD

TrustedSec is one of the founders of the Penetration Testing Execution Standard (PTES), a standard that has gained wide adoption within the security community. PTES follows a seven-phase process flow that allows for a repeatable and systematic approach to Penetration Testing and Red Teaming assessments. The PTES process flow breaks down each phase of a Penetration Test in a methodical way, while still allowing the creativity and flexibility that an attacker would employ. TrustedSec believes that by utilizing the PTES, our assessments will ensure the highest level of quality with the most skilled attackers.

pre-engagement interaction

Pre-Engagement Interaction

Understand the overall scope of the engagement
intelligence gathering

Intelligence Gathering

Identify the organization's presence and public information and analyze the target
threat modeling

Threat Modeling

Formulate the best methods of entry into the organization
Incident response and forensics

Vulnerability Analysis

Identify exposures and the associated avenues for attack
exploitation

Exploitation

Provide the initial access into an environment and circumvent security controls
post exploitation

Post-Exploitation

Understand the business and where sensitive data may reside
reporting

Reporting

Communicate our efforts in a comprehensive document containing all findings

Introducing CoWitness: Enhancing Web Application Testing With External Service Interaction

As a web application tester, I encounter a recurring challenge in my work: receiving incomplete responses from Burp Collaborator during DNS and HTTP response testing. For example, Collaborator will provide the IP address that performed the DNS look up or HTTP Request. Sometimes, these responses turn out to be false positives caused by intrusion protection...
Read