The GDS penetration testing methodology is designed for assessing high-risk targets such as Internet facing infrastructure and business critical systems. Selected client systems are evaluated and compromised in efforts to gain access to sensitive company resources and data. These activities simulate those of a motivated individual or organization focused on obtaining unauthorized access to confidential and proprietary intellectual property and/or customer data.
Each of the following testing options can be included or customized to meet specific security goals and requirements.
Blind Network Reconnaissance
Minimal company and network infrastructure information is provided to GDS prior to start of the engagement. The blind reconnaissance approach leverages publicly available information sources to discover the target networks, and is useful in determining the level of information available to company outsiders.
All network ranges and IP addresses are provided to GDS before testing begins. This assumes that an attacker will ultimately discover all of the company's network ranges and therefore maximizes time spent on vulnerability identification and exploitation.
Stealth Network Testing
Designed to assess perimeter networks while evading detection via intrusion detection systems and/or network administrators.
Root or administrator-level access is granted to GDS security engineers on a perimeter server(s) to gauge the exposure of internal or protected resources in the event that a perimeter host is compromised with a "zero-day" vulnerability.
GDS delivers a detailed and comprehensive report at the conclusion of each security assessment. All GDS reports are highly customizable depending on requested reporting requirements and typically include an executive summary, detailed technical findings and recommendations, and illustrative walkthroughs of all exploitation steps performed.
- Regression testing of all items identified during the assessment
- Vulnerability Remediation Assistance and Project Management