The development of a practical, but fortified Framework.
Where vulnerability scanners frequently only check whether a specific vulnerability exists, the attack phase of a penetration test exploits identified vulnerabilities, confirming their existence.
Cyberkong will conduct penetration testing from outside the organization’s firewall, to attempt to find security holes in the organization’s perimeter protections or at exploiting vulnerabilities that were previously identified. The application of any automated tools will follow NIST Guidelines, in particular, SP 800-30 Revision 1, the Guide for Conducting Risk Assessments and any agency guidelines that exist.
Guidance and rules for aspects such as, but not limited to:
- NGS SQuirreL (for database vulnerabilities)
- Other client-approved tools as deemed necessary to meet the requirements
Once we receive test results, security flaws in the design, policy, or implementation of the system with which your business uses may be uncovered. To support the test objectives, Cyberkong will use Penetration Testing and Whitebox Testing to verify the security state of the Service Authority Systems.