Pricing for a penetration test depends on scoping factors, including business applications, technology platforms, physical locations, and other environment aspects. Pricing will coincide with the amount of time needed for the engagement, as well as how many experts are needed to complete it.

External network penetration testing focuses on the perimeter of your network and identifies any deficiencies that exist in the controls that protect against remote attackers targeting the Internet-facing systems in your environment.

• Port scans and other network service interaction and queries
• Network sniffing, traffic monitoring, traffic analysis, and host discovery
• Spoofing or deceiving servers via dynamic routing updates (e.g., OSPF, RIP spoofing)
• Attempted logins or other use of systems with any account name/password
• Use of exploit code for leveraging discovered vulnerabilities
• Password cracking via capture and scanning of authentication databases
• Buffer overruns/underruns
• Spoofing or deceiving servers regarding network traffic
• Alteration of running system configuration except where denial of service would result
• Adding user accounts

Internal network penetration tests target the networked environment that lies behind your public-facing devices. It is designed to identify and exploit issues that can be discovered by an attacker who has gained access to your internal network.

• Internal subnets
• Domain servers
• File servers
• Printers
• Switches

During penetration testing, our experts gain initial knowledge by researching an organization’s infrastructure assets. They follow a methodology derived from various sources, including the OSSTMM, Information Systems Audit Standards, CERT/CC, the SANS Institute, NIST, and OWASP. After interpreting the results, they will use manual techniques, human intuition, and years of experience to attack the vulnerabilities found. After the exploitation, our professional writing team will send you a comprehensive report with a narrative explaining the testing techniques, vulnerabilities exposed, and guidance for remediation action steps.

Every penetration test is different. Depending on the scope of your environment, time spent testing may vary. The average penetration test takes two to three weeks. The entire engagement including kick off, scoping, access and whitelisting, research, attack, report writing, vulnerability remediation, retest, and final report averages around two to three months.

After a penetration test, our professional writing team will work with your tester to write a comprehensive report with a narrative explaining the testing techniques, vulnerabilities exposed, and guidance for remediation action steps.

For various auditing frameworks the time frames range from every six months to a year. As cybersecurity experts, we know that security is cyclical and suggest a continuous testing approach to testing. Depending on an organization’s level of security maturity, penetration test recurrence could vary.