Penetration Testing Service
SaaS, API, Web Applications, Mobile Applications, Infrastructure and Cloud Penetration Testing
Web Applications/API Pen Testing Package
Starts at $5,000
- Information Gathering
- Configuration and Deployment Management Testing
- Identity Management Testing
- Error Handling
- Cryptography
- Session Management Testing
- Authentication Testing
- Authorization Testing
- Business Logic Testing
- Data Validation Testing
- Client Side Testing
- Industry-validated Approach
- Real-time Collaboration with Pentesters via Slack and Platform
External Network Pen Testing Package
$4,000
(up to 5 IP addresses)
- Mimic Adversary Actions
- Network Security Examination
- Vulnerability Identification
- Assessment of Exposed Services
- Enumeration/Reconnaissance
- Exploitation Testing
Internal Network Security Package
$5,000
(Windows Domain environment with a /24 subnet)
- Security Control Testing
- VPN Connection Setup
- Cloud Server Network Integration
- Penetration Testing Activities
- Reporting and Follow-up
Pen Testing Service Description
Package 1: Web Applications/API Pen Testing
Testing the security of your web-based applications will allow you to:
- Identify security vulnerabilities and security design flaws affecting your web applications.
- Understand the contextualized risk posed by issues found and the impact of security violations.
- Reveal your exposure to internal and external attackers.
- Learn your application’s overall security posture and how it can affect your business.
- Raise risk and security awareness.
- Receive detailed recommendations on how to solve issues found, mitigate identified risks and improve the overall security stance of your web-based applications.
The Web Application / API Security Package for up to 3 web applications, up to 3 user roles, and up to 50 API endpoints costs $5,000. This includes a monthly Vulnerability Assessment to ensure your application security posture is maintained at the highest possible level of security.
Package 2: External Network Pen Testing
The External Network Security Package mimics the actions of an actual adversary by attempting to exploit weaknesses in network security without the dangers of a real threat. This test examines external IT systems for any weakness that could be used by an external attacker to disrupt the confidentiality, availability or integrity of the network, thereby allowing the organization to address each weakness.
It should be assumed that every actively listening device that is exposed to the internet will constantly be under attack. Examples of listening services that are typically exposed would be email, web, VPN, cloud authentication, cloud storage, etc.
CyberHunter uses the Penetration Testing Execution Standard (PTES) as well as NIST SP 800-115 as the guideline for all external penetration testing covering:
Enumeration/Reconnaissance: This exercise is a precursor to a penetration test and involves scanning the targets for possible vulnerabilities that may be exploitable. Specifically, we are looking for misconfigurations, vulnerable software, weak credentials, and poorly coded software that a hacker could use to infiltrate a server or compromise the application. This phase can cover areas such as:
- Footprinting
- Information Leakage
- DNS Analysis
- System fingerprinting
- Services Probing
- Exploit Research
Exploitation Testing: In this test phase, CyberHunter will look to manually exploit any weaknesses or vulnerabilities identified in the servers or web application with the objective of breaching it from a black box perspective (i.e. no credentials or knowledge of the systems). Such tests may cover some or all of the following areas:
- Manual Vulnerability Testing
- Verification of Identified Vulnerabilities
- Intrusion Detection / Intrusion Prevention Testing
- Password Strength Testing
The External Network Security Package for up to 5 IP addresses costs.
Package 3: Internal Network Security
The Internal Network Security Package, depending on the objective and methods, can sometimes be referred to as a Red Team exercise or a Post-Breach penetration test and can be used to realistically test the Protective, Detective and Responsive security controls in an organization.
The questions and measurements being made during testing are:
- Did you stop any of the threatening actions and behaviors performed?
- If the threats were not stopped, did you see them (event logging)?
- If the threats were observed, did you respond appropriately to them (SOC Team, Blue Team)?
The testing begins by connecting any internal computer using a VPN client to our cloud-hosted VPN server. NOTE: This is a secure outbound connection. We do not need any inbound connection to the network. Our cloud server will obtain a local IP address on the LAN using DHCP (or static assignment), but no credentials will be provided to the test team. In this case, all tools are maintained offsite and used by the testing team to perform reconnaissance, search for vulnerabilities and exploitable security misconfigurations, potentially exploit devices, install a presence in the network and act on desired objectives. Activities are aligned with MITRE ATT&CK (https://attack.mitre.org/) and may include:
- Reconnaissance
- Initial Access
- Execution
- Persistence
- Privilege Escalation
- Defense Evasion
- Credential Access
- Discovery
- Lateral Movement
- Collection
- Command and Control
- Exfiltration
- Impact
- Segmentation Validation
- Unlimited users
- Reporting:
- Full Debrief
- Remediation Plan
- Retesting
The Internal Network Security Package on a 3-year term for a Windows Domain environment with a /24 subnet costs $5,000.
Framework for penetration testing:
Penetration testing typically includes the implementation of testing scenarios outlined in the following standards and frameworks:
- OWASP Web Security Testing Guide.
- NIST 800-115.
- SANS TOP 25 Most Dangerous Software Errors.
- WASC Projects.
It is also possible to design custom scenarios, e.g., to check compliance with a certain regulatory standard or resistance to social engineering attacks.
Frequently Asked Questions
The easiest way to explain the difference between a Vulnerability Assessment and a Penetration Test is to imagine yourself standing in front of a door. A Vulnerability Assessment is like a door inspection where you carefully examine it for potential issues such as rusty hinges, loose locks, or cracks in the frame. It identifies all POTENTIAL weaknesses (or vulnerabilities) of that door but doesn’t attempt to exploit them.
A Penetration Test, on the other hand, is like standing in front of that same door and seeing those potential vulnerabilities, then trying to actively exploit them. This would include taking a hammer to the rusty hinges, trying multiple keys on the locks, and taking a crowbar to the cracks in the frame. It aims to see if the weaknesses found in the Vulnerability Assessment can be manually exploited to gain unauthorized access.
Penetration testing frequency varies widely by industry; however, it’s recommended to be performed annually at minimum. Various industry certifications may indicate that more frequent testing should occur (i.e. quarterly or bi-annually), or that testing should occur when there is a significant change made to an application or network. However, it’s ultimately up to you beyond that.
The duration of a penetration test ultimately depends on the type, size, and scope of the assessment. The TYPICAL test duration for each assessment is as follows:
- Web Application / API = 5 days per app
- Desktop App = 5 days per app
- Mobile App = 5 days per app
- External Network = 3 days
- Internal Network = 5 days
An additional 1-3 days is typically required for the report creation and review process.