A Penetration Test (pentest for short) is the process of using approved,
qualified personnel to conduct real-world attacks against
a system so as to identify and correct security weaknesses before they
are discovered and exploited by others with a somewhat less than
honorable intent. Pentests are also useful for testing an
organization's responsiveness and defense capabilities (testing
IDS/IPS, Intrusion Response Plan, etc.). Also referred to as
Ethical Hacking.
A Vulnerability Assessment (VA) is the process of identifying
vulnerabilities in computers and networks,
as well as weaknesses in policies and practices relating to the
operation of these systems. A vulnerability assessment is more general
in nature, and has the aim of determining all security faults without
necessarily exploiting them.
NEW: We have a four-day training offering in this area - please see our Training page.
Our group has extensive experience in this area, and an arsenal of
tools, both Open Source and Commercial (Nessus, SAINT, Core Impact,
Metasploit, etc.). We follow the Open Source Security Testing
Methodology Manual (OSSTMM) procedures
and guidelines for these types of assessments. Our consultants are
Certified Penetration Testing Specialists and Certified Penetration
Testing Experts (CPTS/CPTE).
Specialized penetration tests and vulnerability assessments can be
commissioned for PCI DSS compliance, Point of Sale (POS) Systems, Web
Applications, Warehouse / Stores systems, Wireless Networks, VoIP
deployments, databases (Oracle, Informix, MS SQL Server, Sybase, etc.),
SCADA systems, and other areas.
Find the security problems on your systems before the hackers do!
Ten years of service excellence - 1998-2008.