Our Managed Penetration Testing

ICOMEDGE provides penetration testing services as a one-off assessment or as an ongoing service. Our CREST (Council For Registered Ethical Security Testers) certified engineer can identify weaknesses in your business’s information systems. Upon discovering a vulnerability, we validate the finding and confirm the actual threat to your organization to eliminate false positives.

For ongoing support services, we will work with you to develop a regular (half-yearly, quarterly or yearly) penetration testing program suited to your business environment. At regular intervals, based on the penetration testing engagement, we send your team an encrypted report which lists all the issues found and the suggested remediation action for each problem. You will get information about new trends, which will allow you to monitor the progress of your IT security initiatives.

  • Regulations such as PCI DSS, ISM, SOX, HIPAA and the GDPR
  • Industry standards such as ISO 2700

Our Step by Step Process

Scoping

Before a test, our account management team will discuss your assessment requirements for your systems, networks, or applications to define the scope of the individual test.

Reconnaissance

We will attempt to gather information about your organization and how it operates. We will use automated scanning to identify potential security holes that could lead to your systems being compromised.

Assessment

We will conduct manual tests (e.g. authentication bypass, brute-force attack, public exploits) to compromise your system environment and identify attack vectors for your wider network.

Benefits of Our Managed Penetration Testing

  • Meet the annual penetration testing requirements of industry regulations and security standards such as ISO 27001, PCI DSS, HIPAA, ISO 9001, ISM, SOX, GDPR, etc.
  • Identify and close any blind spots in your information security.
  • Test your existing security defenses and prepare for the next exercise.
  • Mitigate your risks and improve the security posture of your organization or application.
  • Increase the return on your IT investments.
  • Make budget planning easier with pre-scoped tests and transparent fixed pricing.
  • ICOMEDGE engagements deliver more than vulnerability scanning. Penetration tests are designed to penetrate deeper into your networks, exploit your vulnerabilities, find the blind spots and close them.

Our Engagement Process

Penetration Testing Program Development

Our CREST-accredited penetration testing consultants can help you define your managed penetration testing requirements by developing a penetration testing program that combines level 1 penetration testing of your estate with level 2 testing of your critical systems and assets to maximize value.

Reporting

We will provide a detailed breakdown of all your results in an easily interpreted format based on the damage potential, reproducibility, exploitability, number of affected users, and discoverability of each finding.

The deliverable of a penetration test is a detailed report which includes an Executive Summary, Technical Review, Vulnerabilities, Recommendation, and an Appendix containing tool outputs, screenshots and clarifications. Our assessments can report the results from a device under test against one or more standards or guidelines, including:

  • GDPR
  • California Bill SB-327
  • OWASP IoT Top 10
  • UK Government (DCMS) Code of Practice for Consumer IoT
  • IoT Security Foundation Compliance Framework
  • CTIA Cybersecurity Certification Test Plan for IoT Devices
  • Penetration Testing Execution Standard (PTES)
  • Open Source Security Testing Methodology Manual
  • Centre for Internet Security (CIS)
  • National Institute of Standards and Technology (NIST)

Re-test

We can provide access to our testers and the raw test data to support and expedite remediation. We can also retest your systems so that you can be sure all identified issues have been successfully resolved.

ICOMEDGE Penetration Testing Services

External Network Penetration Testing

A network penetration test aims to assess your network for vulnerabilities and security issues in servers, hosts, devices, and network services.

This generally includes:

  • Identifying and assessing all Internet-facing assets a criminal hacker could use as potential entry points into your network;
  • Assessing the effectiveness of your firewalls and other intrusion-prevention systems; and
  • Establishing whether an unauthorized user with the same level of access as your customers and suppliers can gain access to your systems via the external network.

Clients will receive information about the identified vulnerabilities in a format that allows them to assess their relative business risk and the cost of remediation. This information can be used to resolve the vulnerabilities in line with the network owner’s budget and risk appetite.

Internal Network Penetration Testing

Internal penetration testing assesses what an insider attack could accomplish. The target is typically the same as in external penetration testing, but the major differentiator is that the attacker either has some sort of authorized access or is starting from a point within the internal network.

This generally includes:

  • Testing from the perspective of both an authenticated and a non-authenticated user to assess potential exploits;
  • Assessing the vulnerabilities that exist in systems that are accessible to authorized login IDs and that reside within the network; and
  • Checking for misconfigurations that would allow employees to access information and inadvertently leak it online.

Web Application Penetration Testing

A web application penetration test aims to identify security issues resulting from insecure development practices in the design, coding, and publishing of software or a website. This generally includes:

  • Testing user authentication to verify that accounts cannot compromise data;
  • Assessing the web applications for flaws and vulnerabilities, such as XSS (cross-site scripting);
  • Confirming the secure configuration of web browsers and identifying features that can cause vulnerabilities; and
  • Safeguarding web server security and database server security.

The vulnerabilities are presented in a format that allows an organization to assess its relative business risk and the cost of remediation. These can then be resolved in line with the application owner’s budget and risk appetite, inducing a proportionate response to cyber risks.

Phishing Penetration Testing

ICOMEDGE’s simulated phishing attack aims to establish whether your employees are vulnerable to phishing emails, so you can take immediate action to improve your cybersecurity. This service gives you an independent assessment of employee susceptibility to phishing attacks and provides a benchmark for your security awareness campaigns. After completing the simulation, the results of the test can be shared with employees. As part of this feedback, ICOMEDGE has developed an e-learning module to help your staff understand how phishing attacks work, the tactics that cybercriminals employ to lure inattentive users, and how to spot and avoid a phishing campaign.

Social Engineering Penetration Testing

Educating your employees about how social engineering attacks are carried out, and implementing and maintaining appropriate security controls to mitigate them, is critical. ICOMEDGE social engineering penetration tests provide a basis on which to highlight issues with operating procedures and to develop targeted staff awareness training.

Our social engineering penetration test will help you:

  • Establish the publicly available information that an attacker could obtain about your organization;
  • Evaluate how susceptible your employees are to social engineering attacks;
  • Determine the effectiveness of your information security policy and your cybersecurity controls at identifying and preventing social engineering attacks; and
  • Develop a targeted awareness training program.

Red Team Advanced Penetration Testing

Our Red Team Advanced Penetration Testing service helps your organization identify major threats that may otherwise be overlooked by information security. This testing is conducted to find a way into the system and bypass weak security controls. In this technique, ethical hackers use a non-conventional approach, manipulating systems to infiltrate an organization and compromise critical business assets. Pentesters can use numerous attack vectors such as Wi-Fi, external IP addresses, cloud storage, etc. Red teaming essentially tests your blue team (existing security and incident response). Red team advanced penetration testing is essential to secure your organization’s assets.

Wireless Network Penetration Testing

Wireless networks are everywhere. Employing a wireless solution can offer greater flexibility, but it comes with greater potential for attack as it expands your organization’s logical perimeter. From rogue access points to weak encryption algorithms, threats to wireless networks are unique and the risks can be significant. Wi-Fi can provide opportunities for attackers to infiltrate an organization’s secured environment – irrespective of security access controls. Penetration testing can help identify weaknesses in the wireless infrastructure.

Wireless network testing generally includes:

  • Identifying Wi-Fi networks, including wireless fingerprinting, information leakage, and signal leakage;
  • Determining encryption weaknesses, such as encryption cracking, wireless sniffing, and session hijacking;
  • Identifying opportunities to penetrate a network by using wireless or evading WLAN access control measures; and
  • Identifying legitimate users’ identities and credentials to access otherwise private networks and services.

Security Code Review

Secure code review is an activity performed to identify security-related weaknesses or flaws in software code. This process can be manual and/or automated depending on the requirement. It is an important part of the software development cycle.

Why Choose ICOMEDGE?

We hold accreditation at individual levels

  • Certified Red Team Operations Professional (CRTOP)
  • EC-Council Certified Ethical Hacker (CEH)
  • EC-Council Licensed Penetration Tester (LPT) Master
  • IACRB Certified Penetration Tester (CPT)
  • Certified Expert Penetration Tester (CEPT)
  • Certified Mobile and Web Application Penetration Tester (CMWAPT)
  • CompTIA PenTest+
  • Global Information Assurance Certification (GIAC) Penetration Tester (GPEN)
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • Offensive Security Certified Professional (OSCP)
  • CREST

Our Team

Our technical services team includes highly skilled penetration testers who can test your system defenses and websites for vulnerabilities, carry out exploits in a safe manner, and advise on appropriate mitigation measures to make sure that your systems are secure.

We hold accreditation at individual levels

Our penetration tests are performed by industry-accredited security testers, who use their diverse knowledge of penetration and vulnerability testing and the associated security challenges to deliver accurate results.

Practical solutions to help you meet your legal, regulatory and contractual requirements

Our expertise in standards such as the PCI-DSS, ISO 27001, the GDPR, and ISO 9001 means we can offer an integrated approach and can develop suitable solutions that will help you to reduce your risks and ensure compliance with standards, frameworks, legislation, and other business requirements.