Penetration Testing

TRUST BUT VERIFY

discover more


Background

Comprehensive testing of your security

No stone unturned

comprehensive testing of your cybersecurity




Three Tier Penetration Testing

comprehensive testing of your security



Tier 1

Social Engineering is when our security engineers attempt to obtain credentials, internal procedures or access, in person, over the phone or via email. We follow this up by performing a sweep of the dark web and Internet to obtain remote access tools or leaked credentials. This step is critical to complete a full penetration test.


Tier 2

An important step during the penetration test is to have a vulnerability scan. This information is typically used for compliance reasons. However, this information can be very helpful in identifying all the low hanging fruit in your network environment. After a vulnerability is discovered, our security engineers will attempt breach or take control of the network device.


Tier 3

After the vulnerability has been exposed, is it important so show, explain and educate on how the incident occurred, then how to avoid in the future. After the penetration test is concluded our security engineers will meet up with the client to ensure they have a firm understanding on the exposed vulnerability and how to fully remediate the issue.




“It is important that our data is secure at all times and we needed someone with the skills and expertise to review our systems. We turned to Alias to perform our penetration test. They were able to quickly scan our systems and determine what changes we needed to make.”


Jeffery - Education Industry




Web App Penetration Testing


Evaluate the security of a web application by using aspects of the OWASP standard testing checklist and involves an active analysis of the application for any weaknesses, technical flaws or other vulnerabilities. You’ll receive an assessment of the potential impact, steps to reproduce the issue if applicable, and recommendations for remediation.



Internal Penetration Test

Determine your openings for a potential security breach and validate the level of effort required for an attacker to overcome your security infrastructure. After access is gained, Alias identifies configuration issues and vulnerabilities that can be exploited.  



External Penetration Test

Consists of enumerating and verifying vulnerabilities that could be exploited by external attackers to gain unauthorized access to your systems. Alias plays the role of an external attacker, attempting to exploit vulnerable systems to obtain confidential information or compromise network perimeter defenses.



IS YOUR SECURITY UP TO THE TEST?

social engineering in action

check out the video below for a behind the scenes look at our social engineering


Hacking the Human

Would your employees pass the test or would they fall prey to our engineers? Our engineers have experience hacking the human. Let Alias strengthen security at your place of business. We recommend scheduling social engineering campaigns before your company is attacked by the bad guys.

Measures the effectiveness of security training, internal procedures, and technical controls by attempting physical access to your organization. Alias will pose as a legitimate person or company and attempt to gain access to restricted areas, obtain a physical network connection, or access unattended workstations or servers. Below are some of the different social engineering ways we can test your employee preparedness:



check Pretexting

check Social Media

check Whaling


check Intelligence Gathering

check Email Spoof


check IT or ISP Contact

check Invoice Phishing


check USB Phone Home

check Baiting Email




“Alias’ extensive knowledge and experience in the realm of social engineering has helped us improve and maintain a dynamic information security training program.”


Robert - Banking Industry




Security Awareness Training


Always be prepared

Alias offers corporate security awareness training for employees of all skill levels because a business is only as secure as its weakest link.

We teach interactive classes that make learning fun and memorable to strengthen the overall security posture of your company. Let us come out to personally assess the security needs of your business and create a custom class. We train on:



check Phishing

check Malware


check Cloud Security

check USB Attacks


check Ransomware

check Mobile Device Security


check Passwords

check Social Engineering