NorthState provides a formidable program of penetration testing, or “pen testing,” to help identify and remediate potential vulnerabilities in your network. This capability is offered by our outstanding team of penetration testing engineers, including veterans and government-trained experts with experience and skills developed in challenging, stressful environments. With the permission of your IT team, our experts use the latest techniques to identify vulnerabilities, articulate risk, and recommend actionable solutions.
Our testing methodology and recommendations align with best practices including NIST SP 800-115, CIS Benchmarks, OWASP, the Penetration Testing Execution Standard, Microsoft, and Cisco. All our engineers continuously work to increase their knowledge of evolving threats and of penetration technology and techniques, and to certify their knowledge and skills.
Web Application Penetration Testing
Public-facing web services are a business requirement for most organizations. However, they are also significant targets for compromise. Our experts identify security weaknesses across the entire web application and its components, assessing target visibility, accessibility, trust factor, exploitation potential, and position within the network. NorthState then distills this information into a report that prioritizes and documents vulnerabilities, explains threats, and makes recommendations to mitigate them.
Internal/External Network Vulnerability Scans and Penetration Testing
Most companies’ external infrastructures are scanned every day by potential attackers, and vulnerabilities are often known and shared within the hacker community. Penetration testing identifies and helps an organization prioritize real-world risk within the IT infrastructure. In this way, the NorthState engineer demonstrates how vulnerabilities are exploitable. Your organization gains valuable documentation of prioritized findings and practical recommendations.
Wireless networks enable business processes to occur anywhere the signal reaches, but ease-of-access may be misused by an attacker. Signals are often broadcast both inside and outside the building, where they can be attacked with minimal physical controls. NorthState attempts to bypass the security controls that provide authentication, authorization, and access to the wired networks. Along with prioritized findings and recommendations, NorthState’s documentation includes cartographic views of your wireless footprint, identifying physical vulnerabilities and issues such as rogue access points.
Mobile devices regularly connect to a variety of networks, including public Wi-Fi networks shared with other (potentially malicious) users, creating opportunities for a wide variety of network-based attacks. The goal of mobile application security is to maintain the confidentiality and integrity of information exchanged between the mobile application and remote service endpoints. NorthState works closely with your organization’s subject matter experts to identify your risk profile, testing requirements, and the approach.
“Phishing” is a generic term for a variety of social engineering attacks which, when successful, can circumvent almost any network’s security. Phishing attacks rely on responsive actions by employees who may be busy and unsuspicious of routine events. For example, an employee may accidentally interact with an email from an address that appears legitimate, receive a call from known numbers, or answer a request to open links that appear to be from a known website. The best defense against phishing attacks is an informed and aware employee population.
NorthState assists with maturing your security awareness through a well-planned and executed phishing campaign. This exercise gives employees awareness of and experience with phishing techniques and provides the organization with baseline user awareness documentation.
Physical penetration testing is as important as any cybersecurity test, if not more so. Regardless of how effective an organization is at patching or hardening network devices, if you are vulnerable to a physical access attack, you accept significant risk. Technical security solutions are generally of limited value if an attacker gains physical access to network-connected devices.
Our engineers utilize advanced techniques to identify your organization’s physical security vulnerabilities, including aerial drone observation, NFC/RFID chip readers, social engineering, physical breach tools, and deception. Following approved guidelines, NorthState will attempt to gain access to facilities and organizational network devices. The results include documented evidence and prioritized recommendations.
Red Team Exercises
Red Team penetration exercises combine all the techniques listed above. A Red Team’s goal is gaining access – without being discovered – by quietly building on small successful intermediate steps. Red Team penetration testing is one of NorthState’s specialities: Our engineers annually participate in numerous competitions and frequently conduct internal exercises to hone their skills. For organizations with mature security programs, a Red Team penetration test by NorthState experts provides an added level of confidence.