Professional Gnet Testing

The IT Penetration Testing packages are designed to provide a complete solution for the efficient and routine testing of your IT system ensuring that your networks and applications are genuinely secure against today automated cyber-attacks.

The benefits of the IT Penetration Testing Package include:

1. Complete solution for the efficient and routine testing of your IT system 
2. Ensuring that networks and applications are secure against cyber attacks 
3. Agreed scope of testing delivered for known and fixed costs 
4. Comprehensive report identifying vulnerabilities and recommended remedial activity.

IT Penetration Testing - Standard Package

This package consists of:

  1. Network Testing - for a system with up to 20 externally facing IP addresses (preferably same subnet) and up to 4 internal servers running in a single organization. Includes testing of firewalls, routers and switches.
  2. Test Report - a complete description of the tests performed with each potential vulnerability identified and ranked in order of importance. A remedial solution is recommended for each of the potential vulnerabilities. Includes an Executive Summary that clearly identifies the business risks and possible solutions in non-technical layman's terms.

IT Web Application Testing Package

  1. Application Testing - for a single (1) Web application with an externally facing interface and a single database. Alignment of testing with OWASP methodology to identify vulnerabilities to most common application exploitation mechanisms. (I.e. Injection Flaws, Insecure Direct Object Reference, Broken Authentication & Session Management).
  2. Test Report - a complete description of the tests performed with each potential vulnerability identified and ranked in order of importance. A remedial solution is recommended for each of the potential vulnerabilities. Includes an Executive Summary that clearly identifies the business risks and possible solutions in non-technical layman's terms.

IT Penetration Testing - Ultimate Package

  1. Network Testing - for a system with up to 20 externally facing IP addresses (preferably same subnet) and up to 4 internal servers running in a single organization. Includes testing of firewalls, routers and switches.
  2. Application Testing - for a single (1) Web application with an externally facing interface. Alignment of testing with OWASP methodology to identify vulnerabilities to most common application exploitation mechanisms. (i.e. Injection Flaws, Insecure Direct Object Reference, Broken Authentication & Session Management).
  3. Test Report - a complete description of the tests performed with each potential vulnerability identified and ranked in order of importance. A remedial solution is recommended for each of the potential vulnerabilities. Includes an Executive Summary that clearly identifies the business risks and possible solutions in non-technical layman's terms.

IT Wireless Local Area Network Testing Package

  1. WLAN Testing - for up to 4 Wireless Access Points (AP) with full WLAN assessment including the identification of rouge access points, non-encrypted data, WEP key security, DOS and MAC spoofing. Please note that this service includes a visit to a single office location to perform onsite testing.
  2. Test Report - a complete description of the tests performed with each potential vulnerability identified and ranked in order of importance. A remedial solution is recommended for each of the potential vulnerabilities. Includes an Executive Summary that clearly identifies the business risks and possible solutions in non?technical layman's terms.

IT Penetration Testing - Additional Options

  • Additional IP addresses (purchased in blocks of 10)
  • Additional Web Application Testing (purchased per application)
  • Onsite Report Presentation.

Please note that we highly recommend that an Onsite Report Presentation meeting is arranged. This session is designed to present and discuss the penetration test results and recommendations in detail with all relevant stakeholders.

When should a Penetration Test be conducted?

Given the ever increasing risk of attack to a network and the continual enhancements and upgrades to a system over time, ITSC strongly recommends that a Penetration Test be conducted on a regular basis. Such testing may also be a requirement for compliance with the ISO 27001 and PCI DSS Standards.

For smaller organizations that have had no major changes to their IT system over a period of 12 months, it is recommended that a Penetration Test be conducted on an annual basis (1 per year).

For larger organizations that have had no major changes to their IT system over a period of 12 months, it is recommended that a Penetration Test be conducted on a quarterly basis (4 per year).

It is recommended that a Penetration Test be conducted after every major installation or reconfiguration of a network infrastructure particularly if this involves firewalls and dedicated security sub-systems.

IT Penetration Testing - Retesting Service

The IT Penetration Testing Service is designed to identify vulnerabilities in an IT system and provide advice ad recommendation for any corrective measures required. When such remedial activity has been completed, ITSC recommends that the original testing is repeated to ensure that the system is now fully secure.

IT Penetration Testing - Annual Contracts

Designed to meet the needs of organizations of all sizes, the IT Penetration Testing Annual Contract provides regular testing to ensure that networks and applications remain secure over a period of time. It will also ensure compliance with security standards such as ISO27001 and PCI DSS. IT Penetration Testing Packages are offered on a Single, Bi-Annual or Quarterly Test basis.

IT Penetration Testing - Multi - Year Contracts

The IT Penetration Testing Multi - Year package is designed to provide an organization with a guaranteed quality test for a one, two or three year period and is offered at a significant discount on the cost of a single Penetration Test.

Please note that contracts that combine Penetration Testing Annual and Multi - Year contracts are available on request.