How secure is your company? Many companies do not know, and are not aware of the need for pen testing, or ethical hacking. With growing reports in the news of companies’ losses due to unethical hacking, there is a greater awareness of the need for pen testing. A growing number of security policy changes also now require due diligence, or penetration testing.

We offer the services known as risk assessments, security assessments, penetration testing or ethical hacking based upon our expertise in the security field. Our reputation is our most valuable asset. Our integrity is your most valuable asset. We subscribe to the penetration testing principles of the OSSTMM and the security principles of the CISSP.  All work product is validated in a forensic manner.

  • Qualifications:  The Expanding Security team holds more than sixteen security certifications including CISSP, CEH, ISSAP, CISM, and more.
  • Baselines:  Expanding Security performs assessment baselines which provide a thorough analysis of the subject area and deliver the results in a complete report.
  • Managing Assessments & Vulnerabilities: Expanding Security’s baselines are available as ongoing programs and can be performed on a monthly, quarterly, semi-annual, or yearly basis.
  • Custom Assessment Programs:  You can count on Expanding Security to identify specific requirements and provide an assessment program that is cost effective.
  • Scalable Assessment Solutions:  All Expanding Security’s programs are tuned to the needs and goals of our clients.

Your penetration test will vary depending on your company’s scope and goals for the project. We can tailor the engagement from a narrow-scope, one-day project to a full-scale penetration test.

A per-day engagement may include the following:

  • Scope meeting
  • Contract signing by senior official of organization
  • Integrity and confidentiality validation
  • Passive or Active reconnaissance
  • Rescope meeting to verify security perimeter
  • Safe word and proper communication plan
  • Security assessment
  • Interim report of critical flaws
  • Final report

Outcomes of engagement: Any or all of the following can be expected at the end of the penetration test.

  • Letter of recommendations for remediation
  • Long-term plan for security process
  • Suggestions on product tuning
  • Risk assessment statement of applicability

All engagements will have a pre-quote expectation. Changes in scope of more than 10% will require a meeting with the stakeholders.

A few examples of our website capabilities:

OWASP Top Ten Mapping

We map the basic attacks against your website to the OWASP Top Ten vulnerability list. If your staff needs to learn more about how to address, from a technical standpoint, an issue we discovered, this mapping will get them started.

HTTP Strict Transport Security Test

If your web application uses HTTPS and doesn’t take advantage of HSTS, we will report this. HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that a web application specifies through a special response header. Once a supported browser receives this header, that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS. You can read more about HSTS.
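The check described above can be sketched as follows. This is an added example, not Expanding Security's own tooling: it audits the Strict-Transport-Security header of a response against the rules in RFC 6797. The function names, the one-year reporting threshold and the sample responses are assumptions constructed for illustration.

```python
import re

MIN_MAX_AGE = 31536000  # assumption: report anything shorter than one year

def parse_hsts(value):
    """Parse one header value into {directive: value-or-None}; ValueError if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the RFC 6797 grammar allows empty directives
        name, _, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip().strip('"') if "=" in part else None  # quoted values allowed
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val
    if not re.fullmatch(r"\d+", directives.get("max-age") or ""):
        raise ValueError("max-age missing or not a non-negative integer")
    return directives

def audit_hsts(scheme, header_values):
    """Return findings for one response; an empty list means nothing to report."""
    if scheme != "https":
        # Browsers ignore the header on insecure transport, so it protects nothing.
        return ["HSTS sent over HTTP is ignored by browsers"] if header_values else []
    if not header_values:
        return ["HTTPS response without Strict-Transport-Security"]
    findings = []
    if len(header_values) > 1:
        findings.append("multiple HSTS headers; only the first is processed")
    try:
        d = parse_hsts(header_values[0])
    except ValueError as exc:
        return findings + [f"invalid header, browser ignores it: {exc}"]
    max_age = int(d["max-age"])
    if max_age == 0:
        findings.append("max-age=0 removes the host from the browser's HSTS list")
    elif max_age < MIN_MAX_AGE:
        findings.append(f"max-age {max_age} below threshold {MIN_MAX_AGE}")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set; subdomains stay reachable over HTTP")
    return findings

if __name__ == "__main__":
    # Constructed sample responses: (scheme, list of HSTS header values received)
    for scheme, headers in [("https", []), ("https", ["max-age=300"]),
                            ("https", ['max-age="63072000"; includeSubDomains'])]:
        print(scheme, headers, "->", audit_hsts(scheme, headers) or "ok")
```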

 

 

Contact us for a free consultation.  Dean.Bushmiller@ExpandingSecurity.com; Helaine.Thornton@ExpandingSecurity.com
