Network Penetration Testing
Bishop Fox’s network security penetration testing methodology identifies security vulnerabilities by simulating the real-world threat of an attacker attempting to exploit target networks. These zero, partial, or full-knowledge assessments begin with the discovery of externally identifiable systems and footprinting of designated networks. Next, vulnerability scans are conducted using automated tools and the findings are manually verified. The team also enumerates the access control lists of firewalls and other perimeter security devices in order to pinpoint potential security exposures. Exposed services are scanned and tested using a combination of automated tools and manual techniques. Finally, the team performs further manual identification and exploitation of any vulnerabilities in an attempt to penetrate the targets and gain access to sensitive data, critical functionality, and the underlying infrastructure.
PCI ASV Quarterly Scanning
If your organization processes credit card payments, you know that, per PCI DSS Requirement 11.2.2, you must comply with PCI standards and enlist an external vendor to perform PCI ASV scanning. Our PCI ASV scanning methodology is designed to ensure your compliance with this regulation. If you’re not compliant, we will work with you to shore up and achieve compliance.
Wireless Penetration Testing
Bishop Fox’s wireless penetration testing methodology rapidly and effectively identifies wireless security issues using an expert-guided assessment model. These zero, partial, or full-knowledge assessments begin with the collection and analysis of target network information. Next, the team performs wireless scanning of both the facility’s perimeter and the interior of designated buildings to identify targets and vulnerabilities. Next, the assessment team manually reviews the scanning results to determine gathered data to identify potential areas of weakness within the wireless networks. Finally, the team performs further manual identification and exploitation of any wireless vulnerabilities in an attempt to penetrate the targets and gain access to sensitive data, critical functionality, and the underlying infrastructure.