Our Process

We connect our client’s security presence to proven methodologies to remediate vulnerabilities in Web Applications and Infrastructure. We improve our client’s security posture, improve audits, and teach cyber security.

Capitol Consulting begins all penetration tests with a combination of Social and Technical reconnaissance. Social reconnaissance identifies information that would compromise the target, such as information on company websites. We include source code analysis to establish an Internet security profile. Technical reconnaissance focuses on the discovery of hosts, service fingerprinting, configuration analysis, web server directory enumeration, etc. Depending on the threat and intensity levels, we use port scanners, web application scanners, vulnerability scanners, etc.

During this stage, Capitol Consulting creates an Attack Matrix and correlates all information. The matrix identifies all potential attack vectors and organizes them by probability of successful penetration. Every identified listening port or web application component is considered to be a potential attack vector. Furthermore, all Web Application Code is reviewed for vulnerabilities and coding practices.
Penetration efforts begin. Our system provides a manually intensive, research-driven process to penetrate more complex targets.

With senior management, Capitol Consulting determines the threat level to the asset and organization to create a plan of action that is implemented to white hat standards. The threats are rated on a scale from one to ten.

Network Penetration Testing identifies the presence of points where a threat aligns with existing risks to achieve penetration. Capitol Consulting helps prevent penetration by identifying these points and providing effective methods for remediation before a breach. To provide maximum impact, the tests are delivered at slightly elevated threat levels to ensure that the network penetration tests provide an accurate measure of risk. Network Attacks, Social Attacks, and Physical Tests represent the three top-level attack classes, each of which can have a standalone configuration or can be used to augment the others.
Capitol Consulting presents findings with Senior Management, displaying a game plan that maps out vulnerabilities and mitigation.