Protecting customer privacy and preserving the integrity of intellectual property is a challenge for every organization—even some of the most security-savvy corporations have experienced devastating loss of revenue and reputational damage due to serious security breaches. An effective penetration test simulates an attempt at breaching security so that the organization can better understand the risk factors involved and the potential consequences of an intrusion.
IOActive uses automated software tools, customized proprietary scripts, and manual techniques to test applications and networks for exploitable vulnerabilities that could allow unauthorized access to key information assets. The goal is to assess the infrastructure's security posture and attempt to exploit security flaws that might allow privilege escalation, disclosure of sensitive information, injection of malicious code into trusted components, invalid transactions, and other conditions generally recognizes as posing security risks.
During a penetration test, IOActive evaluates security by:
- Reviewing the organization's infrastructure, protective boundaries, and external factors.
- Identifying ingress or attack points.
- Attacking, modifying, and hijacking client/server interactions.
- Discovering high-level vulnerabilities.
IOActive's Penetration Testing services include:
- SCADA testing.
- Active attempts to retrieve corporate email, phone calls, instant messages, account lists, passwords, accounting records, intellectual property.
- Firewall/IDS/IPS evasion and exploitation.
- Remote access compromise (VPN, PBX, war dialing).
- Client-side exploitation.
- Phishing attacks and social engineering.
- Untrusted media insertion, (USB dongle/CD attack).
- Wireless key cracking (WPA, LEAP, WEP).
Download the Infrastructure Audit Brochure (PDF).
