SECURE THE GAPS.
HOW WE CONDUCT OUR PEN TESTS
SparkC will perform white, gray, and/or black box network penetration testing using tools and sophisticated by-hand penetration testing to examine our clients' information technology security and architecture. The penetration testing team will attempt to exploit vulnerabilities that have been identified in a customer's systems (hosts, applications, databases, or other computer-related resources).
The results will detail the risk exposure for customer systems and demonstrate how vulnerabilities can be exploited to gain access to their systems. Suggested remediation actions to lower a customer's risk exposure will also be provided. During the penetration test, SparkC will not delete any live data, will make every attempt not to disrupt current operations, and will not perform any Denial of Service attacks.
The team will only concern themselves with discovering and exploiting vulnerabilities which provide greater access to the system or network that is being tested. SparkC will be limited to the scope identified in the Rules of Engagement with the customer, even if the test team identifies access to other networks.
WE ADHERE TO
Based on testing types and client needs, we follow the NIST Cybersecurity Framework and the following references:
CIS 20 Controls
ISO/IEC 27001 & 27002
NIST SP 800-53 Rev 5
The Family Educational Rights and Privacy Act (FERPA)
PCI-DSS (Payment Card Industry - Data Security Standards)
AICPA (American Institute of Certified Public Accountants)
GDPR (European General Data Protection Regulation)
IDENTIFYING VULNERABILITIES AT ALL LEVELS
Test for susceptibility to Advanced Persistent Threats (APTs) such as social engineering or phishing vulnerability, viruses, malware, trojan horses, botnets and other targeted attack exploits. Evaluate current threat posture including antivirus and Intrusion Detection and Prevention (IDP) capabilities.
Identify physical security vulnerabilities by attempting access to computing hardware and sensitive information using social engineering techniques.
Perform PCI security compliance and risk assessment; provide remediation steps to meet compliance requirements.
Review wireless network system components for security vulnerabilities, validating system-specific configurations and known exploits.
Perform vulnerability assessment of the client's network.
Validate system-specific configurations and review for known exploits. This includes firewalls, switches and routers, Microsoft Active Directory and file servers, web servers, wireless routers, VPN, Cisco VoIP and Office 365 Email.
Our qualified team of pen testers will measure the overall cybersecurity strength of your organization by employing offensive tactics, and providing findings with recommendations for prioritization of remediation efforts. Service components include wireless penetration testing, web application penetration testing, database penetration testing, network penetration testing, automated and manual target enumeration, manual exploit validation, comprehensive reporting and remediation recommendations.
WE PEN TEST CUSTOMERS
WEB APPLICATION PENETRATION TESTING
PARTNERING WITH INDUSTRY LEADERS.
To continually meet quality and service excellence, we collaborate with industry leaders to deliver the highest quality of cybersecurity management services.
SparkC will deliver a multi-layered report that includes the following:
(1) Executive Summary
(2) Detailed Technical Improvements
(3) Continuous Improvement Recommendations
Based on our past experience, we provide various levels of reporting (including executive summary, remediation, operational, and legacy reporting) that provide the full spectrum of solutions for maintaining improvements to clients' network operations.