Penetration Testing

Acknowledge the holes in your systems before the hackers use them against you  

UnderDefense stands out in the field of penetration testing because they understand the importance of security risks and are able to map them to the domain in which their client is operating. Simply using automated scanning tools is not a replacement for smart, intelligent people with a deep understanding of security-related issues. Taking penetration testing to the next level, using real people to test systems and interpret the results.

Maarten van der Vlugt

CTO, Mindmarker

Our global team of certified security experts (CEH, OSCP, CCNP, MCP, CLE) performs real-world attack simulations to test defenses and uncover actual risk from the perspective of a motivated attacker. To take this service to the next level, our Security Assurance Program offering delivers insight into programmatic security issues, including identification of and guidance on root-cause solutions, and provides recommendations for defenses based on the attacker mindset.

Having the UnderDefense offensive security team conduct a penetration test is a valuable way to test your defenses and uncover security weaknesses. Penetration tests can also help you meet compliance requirements and follow best practices. UnderDefense can also deliver recommendations for defense and strategies for wireless, social engineering and boutique engagements that demonstrate the security level of key systems and infrastructure.

Our Penetration Testing Services team delivers:

  • Network & Infrastructure
  • Application and API interfaces
  • Social engineering engagements
  • Wireless networks

HOW WE DO IT:

The best way to know how intruders will actually approach your network is to simulate an attack under controlled conditions.

Penetration testing service types:

  • Compliance-specific (PCI, HIPAA, SOC 2, SOC 3, OWASP) or organization penetration tests (internal and external)
  • Application penetration tests (Web and mobile)
  • Wireless penetration tests (WEP, WPA, WPA2-PSK, WPA2-Enterprise)
  • Social engineering security testing (physical, pre-text calling, and phishing)

Our company will conduct manual verification of exploitable or significant vulnerabilities according to the OWASP Application Security Verification Standard (ASVS) Level 1 guidelines and the OWASP Top 10 security standards. Our customized services approach also supports boutique engagements aligned with specific objectives or technologies. Services may include:

  • Code Review
  • Distributed denial of service (DDoS) testing
  • Malware analysis
  • Embedded device penetration testing
  • Technology and platform-specific penetration testing
  • Other customized and threat-focused penetration testing

SERVICE DETAILS:

  • Duration: 2-4 weeks

Applicable:
  • IT infrastructure
  • Public Web Sites
  • Web Applications
  • Mobile Applications
  • Public/Private Clouds

Value:
  • Meeting compliance
  • Identifying high risk and unknown vulnerabilities
  • Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
  • Assessing the magnitude of potential business and operational impacts of successful attacks
  • Providing evidence to support increased investments in security personnel and technology to C-level management, investors, and customers

Output:

  • Technical report with detailed findings and an executive section
  • Proof of vulnerability and bug reproduction instructions for each defect
  • Vulnerabilities ranked by risk level, CWE, and CVSS v2 rank
  • Remediation recommendations and technical references
  • Presentation and demo of key findings
  • Security Auditing report with compliance status
