Medium

What is it? 

A penetration test (pen test) is an authorized, simulated attack used to evaluate an organization’s security posture.

Penetration testing can help organizations to:

  • Evaluate the effectiveness of their security measures
  • Identify and prioritize potential security risks
  • Validate the security of their systems before they go live
  • Verify the security of third-party applications and services
  • Comply with industry standards and regulations that require regular security testing

The NDIT Cyber Active Defense team offers a variety of penetrating testing services including our basic penetration test – an introductory test that will help us baseline your security posture and make better recommendations of security needs – as well as more advanced penetration tests.

 

What do you get with the service? 

To begin the process, we will meet with you to better understand your goals to help determine what should be performed during the test. Following this meeting, we will create a test plan containing the agreed upon rules of engagement, scope, schedule, and any necessary setup or cleanup activities that need to happen. This document must be signed off by both parties.

The typical duration of a penetration test is 4-6 weeks. Requests are prioritized as they come in and are scheduled based upon the availability of resources.  Please submit requests 4 weeks in advance.

The result of a penetration test is a comprehensive report that outlines the weaknesses found, their potential impact, and recommended remediation steps.

After the test, you will receive a report containing the following:

  • Executive summary
  • Overview of the findings
  • Recommendations
  • Finding details
    • Description
    • Screenshots
    • Steps to reproduce
    • Steps to validate
    • References
  • Test methodology

Cyber Active Defense will schedule a meeting with you to walk through this report and answer any questions and discuss next steps.

 

How do you request this service? 

NDIT’s Self Service Portal may be used to submit an “Generic" service request and provide the following details in the description:  

  • ATTN: Cyber Active Defense.  Request for Penetration Test type(s)
  • Target dates

This information will help the analyst triage the request and prepare for the pre-engagement meeting with you. Your Information Security Officer can help you with this process.