Pen Testing

How secure is your company?  Many companies do not know and are not aware of the need for Penetration Testing. With growing reports of companies’ losses in the news due to unethical hacking, there is a greater awareness of the need for Pen Testing.  There is also a growing number of security policy changes that now require due diligence, or penetration testing.

We offer the services known as risk assessments, security assessments, penetration testing or ethical hacking based upon our expertise in the security field. Our reputation is our most valuable asset. Our integrity is your most valuable asset. We subscribe to the penetration testing principles of the OSSTMM and the security principles of the CISSP.  All work product is validated in a forensic manner.

  • Qualifications:  The Expanding Security team holds more than sixteen security certifications including CISSP, CEH, ISSAP, CISM, and more.
  • Baselines:  Expanding Security performs assessment baselines which provide a thorough analysis of the subject area and deliver the results in a complete report.
  • Managing Assessments & Vulnerabilities: Expanding Security’s baselines are available as ongoing programs and can be performed on a monthly, quarterly, semi-annual, or yearly basis.
  • Custom Assessment Programs:  You can count on Expanding Security to identify specific requirements and provide an assessment program that is cost effective.
  • Scalable Assessment Solutions:  All Expanding Security’s programs are tuned to the needs and goals of our clients.

Your Penetration Test will vary and depend on your company’s scope and goals for the project.  We can tailor to a narrow scope, one-day project to the fuller scaled Penetration Tests.

A per day engagement with the following possibilities:

  • Scope meeting
  • Contract signing by senior official of organization
  • Integrity and confidentiality validation
  • Passive or Active reconnaissance
  • Rescope meeting to verify security perimeter
  • Safe word and proper communication plan
  • Security assessment
  • Interim report of critical flaws
  • Final report
  • Outcomes of engagement: Any or all of the following can be expected at the end of the penetration test.
  • Letter of recommendations for remediation
  • Long-term plan for security process
  • Suggestions on product tuning
  • Risk assessment statement of applicability
  • All engagements will have a pre quote expectation. Changes in scope of more than 10% will require a meeting with the stakeholders

Contact us for a free consultation.  Dean.Bushmiller@ExpandingSecurity.com; Helaine.Thornton@ExpandingSecurity.com