Security Compass offers a range of professional penetration testing services to help businesses proactively identify and fix critical vulnerabilities before a real attack occurs. Our Advisory Services team offers a decade and a half of experience focused on application security, and we take a flexible approach to your penetration testing needs. We simulate the most up-to-date methods of real-world hackers in order to show how your business’s critical systems would fare in an attack.
With expertise across a variety of assessment types, we can test every level of your defenses and identify vulnerabilities across your entire organization. We can then work with your security team to fix these vulnerabilities and ensure the effectiveness of our work with retesting. The overall result is an organization with improved, proactive security preparedness that can operate with confidence that it can withstand the most up-to-date and harmful attack types.
Our in-depth testing methods, deep expertise, and customizable ways of working with clients set us apart from other penetration testing providers.
Deeper and more extensive testing: We don't simply perform surface-level assessments, like scanning for vulnerabilities, but use our deep expertise to simulate real-life attacks to find and exploit vulnerabilities. What other organizations may refer to as “red teaming” is a standard part of our penetration testing services. Accordingly, the scope of our penetration testing extends beyond an organization’s technology to test its physical security as well as its staff through social engineering techniques.
An end-to-end penetration testing solution: Going beyond just testing, our service includes gathering requirements, investigating an application's design through threat modelling, exploiting and testing an application via automated tools and manual techniques, discovering and managing vulnerabilities, providing guidance on remediation, and providing comprehensive reporting and measurements to track improvements.
Combined manual and automated testing: Unlike other vendors who rely on automated testing, we thoroughly exploit applications by using a variety of manual testing techniques in combination with automated tools. Our automated tooling helps clients manage the penetration testing process in order to improve efficiency and to help scale testing across a large volume of applications. Our manual testing attempts to identify vulnerabilities rooted in business logic that typically cannot be detected by tools.
We become an extension of our clients’ teams: Rather than just providing a service, we can become an extension of our clients' teams and thoroughly integrate ourselves into an organization. We adopt our clients' processes and policies during an engagement to minimize disruption and maximize collaboration. From there, we fully customize our assessments according to each customer's specific requirements, technology and processes.
Our penetration testing methodology follows a time-boxed approach using one, or a combination of, the testing strategies below. Security Compass will recommend the best approach for your organization based on identified requirements.
Our assessments cover virtually every major attack vector and all levels of an organization’s critical systems, from web, mobile, and desktop applications, to network and wireless infrastructure. Learn more about each assessment type below.
Security Compass’s web application assessments will use a combination of automated and manual assessment techniques to ensure adequate coverage under the applicable methodology. These include:
Automated assessment: We use automated tools and techniques that help with coverage across the web application to identify immediate, yet possibly critical, vulnerabilities.
Manual assessment: Using our consultants’ expertise, we perform manual tests and verification tests.
Additional assessments: Depending on the application use case and technologies used, we can also address numerous other common web application vulnerabilities.
Security Compass’s mobile application assessments emphasize black-box and/or gray-box testing of the application’s runtime as installed on the mobile device.
Our approach is based on the common modern mobile architecture that applications on the device will speak to an application programming interface (API) or end-point server. As such, our assessment consists of two parts:
Security Compass’s methodology for network infrastructure assessments covers the use of both automated and manual assessment techniques. Our approach typically follows these steps:
Reconnaissance: We inspect public resources to gather information about the network, services, targets, domains, connections to third-parties, etc.
Vulnerability scanning: We use automated tools on targets to identify open ports and any vulnerable services that could assist in directing manual testing.
Manual verification and analysis: We verify results from the automated assessment to focus testing and triage for false-positives.
Exploitation (optional): We attempt to exploit identified vulnerabilities to gain access to target infrastructure and to confirm the validity of a vulnerability.
Wireless testing relies on a walk-through of a facility to identify rogue access points or any access points that are weakly configured.
Security Compass performs a wireless walk-around and review of wireless access points on the premises, identifying security configuration concerns, encryption vulnerabilities, and unauthorized wireless networks.
We perform this testing on a time-boxed basis to represent a point-in-time assessment of the on-site location.
Deploying applications through Microsoft Terminal Services RemoteApp or Citrix technologies can introduce a number of vulnerabilities unique to these platforms. Applications and operating systems may not be locked down sufficiently, resulting in attacks which permit users to run arbitrary applications on the servers or access other servers that would normally be protected by firewalls.
Our assessment approach emphasizes black-box and/or gray-box testing. We perform a penetration test with the goals of breaking out of the remote application to access the underlying OS and other connected systems, and identification of weaknesses that can be utilized to elevate application privileges or gain access to underlying data and databases.
Security Compass’s methodology for assessing desktop applications can vary due to the kinds of software and operating systems required by such applications. Typically, we assess the application for the following vulnerabilities at minimum:
Security Compass’s VoIP assessment will use a combination of scanning and manual assessment techniques to ensure adequate coverage within the allocated time-box. This includes:
Vulnerability scanning: We use automated tools on targets to identify open ports, services and any vulnerable interfaces that could assist in directing manual testing.
Manual assessment of any exposed interfaces: We attempt to gain access or affect the operation of VoIP servers and devices.
Configuration review: We review the configuration of VoIP handsets and server endpoints to ensure that the system implements best practices and standards.
Security Compass performs an assessment of retail point-of-sale systems and applications running on these systems, including mobile and public terminal deployments. This involves an assessment of the PoS application software, including any device specific flaws, storage and data transmission vulnerabilities, and other issues important in retail PoS deployments.
Internet enabled mobile applications often speak to an endpoint API that provides back-end functionality. The API often controls the data flow, authorization, and authentication for the application.
When testing an API or web service, Security Compass gains a thorough understanding of how an application communicates with the back-end server and also gains knowledge of how the API requests are constructed and what controls are correctly enforced. While we leverage tools and scripts to help automate and extend our coverage, we also focus heavily on manually tampering with and manipulating the API to circumvent authorization and authentication controls, in addition to more complex and discreet injection attacks.
Security Compass’s methodology for embedded device assessments can vary depending upon the device(s) under assessment. In most cases where the hardware operates through a firmware stored on the device, Security Compass will conduct the following phases:
Non-invasive reconnaissance: The focus of the first phase will be to inspect the embedded device to understand how the device operates without materially altering the device itself.
Invasive reconnaissance: After initial non-invasive reconnaissance and understanding the design and components of the embedded device, the focus will be on accessing hardware by connecting to the device through more invasive means (soldering, wiring, etc.).
Firmware extraction: In this step, assuming access is obtained to the device, attempts will be made to extract the device firmware (or operating system). Extraction of the firmware will allow further inspection of the manner in which the device operates.
Firmware analysis: The final step is to perform a firmware analysis with the extracted firmware in order to see if certain assets can be inspected that can determine how the device operates, and possibly avenues for local or remote attack.
Hardware features that are unique to the device (radios, web interfaces, physical connections) will be reviewed for possible attack vectors, prioritized by reconnaissance efforts.
As IoT security standards are still in their infancy, guidance on IoT security can be hard to come by. Security Compass assesses each IoT device using a risk-based approach that considers its highest risk threats. Our focus is on assessing the device hardware, firmware, software and operating infrastructure for any IoT device. Examples of some devices that we have assessed include the following:
We pride ourselves on developing custom solutions to meet any assessment challenge. Contact us if you have a bespoke app or device with custom requirements and we will put together a recommended solution for you.
For large organizations, getting attacked isn’t a matter of “if” but of “when.” With a decade and a half of expertise in the application security space and extensive testing methods, our penetration testing services are the best way to ensure the safety of your business.