Penetration & Vulnerability Testing

In 2010 Ethical Intruder began our service offerings primarily focused on penetration testing and vulnerability evaluations. Early on we realized that there was a mismatch between typical security teams and the composition of actual hackers. Malicious Intruders often came from a software engineering background, so Ethical Intruder developed our Intruder teams to include those who actually had experience in architecture and development of the very systems our customers look to protect. By combining these skills with core security backgrounds we can review your systems in a way only paralleled by actual hackers.

Ethical Intruder incorporates several best practices including PTES, OWASP, NIST and CIS technical guidelines in our ethical hacking evaluations that help define procedures to be followed during a vulnerability evaluation or penetration test. These standards are solid baseline methods used within the industry and are continuously updated and modified by the community. Our Intruder teams utilize a combination of manual, automated and creatively engineered techniques in the evaluation of your systems.

Technical offerings at Ethical Intruder follow our core methodology regardless of the type of evaluation we conduct, which may include network, web application, mobile, IoT or Wi-Fi related projects. Some of the core services we perform for our customers include:

Network Vulnerability and Compliance Assessments

  • Focused on what an Intruder can see in your organization today
  • Vulnerability evaluations look to see if the “conditions are right” for an exploit to occur
  • Network Topologies & Default/Weak Passwords
  • Known Vulnerabilities in OS/Device/Enabling Software
  • PCI, SOX and PCI evaluations with specific remediation steps

Penetration Testing

  • CEH and PTES Methodologies
  • Evaluations move from finding vulnerabilities to proving the ability to exploit a device or system
  • Network, Web Application, Mobile and Wi-Fi evaluations
  • Full review and recommendations for securing your existing technologies
  • Goes beyond checklist-based testing to assure your corporate goals are met

Web Application (OWASP) Vulnerability Analysis

  • Focused on the top 10 most common attacks on web application and mobile platforms
  • Identify vulnerabilities and get remediation steps to fix them
  • SQL Injection, Cross-site Scripting
  • Automated and creative manual simulations

Business Driven Ethical Hacking Exercises

  • Focus on how users interact with business systems
  • Scenarios based on client specific concerns related to business systems and where they may be most vulnerable
  • Creation of unique Technical Attack Points (TAPs)

How We Engage

Service offerings for Cyber Security or Compliance Programs have traditionally been consumed as one-off projects. With increased focus on cyber security as a major business risk, the need for alternative delivery approaches has emerged.

Now Ethical Intruder offers two engagement models to meet our ongoing client requirements.

Project Based

Isolated projects when business needs arise or there is a specific partner, customer or compliance requirement.

Services Based

Flexible ongoing subscription-based programs that combine our Compliance, Technology and End User initiatives at a fraction of the cost of one in-house security team member.