Enterprise Security
Enterprise security continues to be one of the most critical concerns, costing businesses
millions of dollars every year. Xcape Solutions' expert staff works with both business
leaders and the IT community to achieve and maintain a more secure environment in
terms of IT security, regulatory compliance, policy creation and implementation.
We will provide expert assistance to help you identify both internal and external
threats. We provide a variety of services to meet these needs:
Enterprise Network Security
Increasing incidents perpetrated by remote hackers abusing the Internet, as well
as by disgruntled employees looking to hurt their employers, continue to threaten businesses
in every industry. Regardless of your business’s size, properly securing
internal trusted networks and external network access is a priority and investment
that must be made to protect your interest and future growth. To ensure that network
security controls and management processes are properly implemented, our team of
security specialists takes a holistic approach in performing vulnerability assessments
and penetration testing.
Identifying deficiencies, finding the root cause and prescribing effective remediation
sounds simple, yet one vulnerable opening can dismantle all your efforts. Typically,
our testing is started from a position of least knowledge about the client’s systems
and networks as they appear from an external perspective. Using the Black Box methodology,
we assume the role of a malicious external user, with no previous knowledge of your
network structure or security plan. This Black Box methodology simulates a malicious
external user exploring your externally accessible infrastructure with hopes of
gaining entry to your internal assets. As the test proceeds, our technicians work
with internal staff to move from a position of zero knowledge to a position of limited
knowledge, to a position of full knowledge. As each perspective changes, snapshots
of the network security are recorded.
Penetration Testing
A penetration test determines how well your organization's security policies protect
your assets by trying to gain access to your network and information assets in the
same way a hacker would. Tests can range from an overview of the security environment
to attempted "hacking" with the intent of obtaining investigative information. The
Xcape Solutions penetration test will reveal:
- How difficult it is to obtain data from outside of the network
- Which information is at risk
- What measures should be implemented to protect your assets
A penetration test subjects a system to real-world attacks selected and conducted
by professional security technicians. The benefit of a penetration test is to identify
the extent to which a system can be compromised before an actual determined attack.
Our test results will either show you where you need to enhance your security, or
let you know that you should sleep better at night. Only a real penetration test
can simulate what would happen if a determined hacker were to attack your organization.
The Penetration Test Process
Discovery
Our technicians will perform thorough searches of the various whois databases, scan
tools, etc., to obtain as much information as possible about the target organization.
These searches often reveal many more Internet connections than the organizations
expect. It is also important to leverage Usenet postings and Social Engineering
tactics (if in scope) - many organizations are amazed by how willing their employees
are to divulge information that is useful to an attacker.
Enumeration
Once specific domain names, networks and systems have been identified through discovery,
the penetration tester will gain as much information as possible about
each one. The key difference between discovery and enumeration is the level of intrusiveness.
Enumeration involves actively trying to obtain user names, network share information
and application version information of running services, limited only by agreed-upon
rules of engagement and scope.
Vulnerability Mapping
Vulnerability mapping, one of the most important phases of penetration testing,
occurs when security practitioners map the profile of the environment to publicly
known, or, in some cases, unknown vulnerabilities. We have a dedicated research
department, which is constantly combing the “blackhat” community for new and emerging
vulnerabilities. The tester's most critical work is performed during the discovery
and enumeration phases.
Exploitation
The exploitation phase begins once the target system's vulnerabilities are mapped.
The penetration tester will attempt to gain privileged access to a target system
by exploiting the identified vulnerabilities. The key to this phase is manual testing.
No automated tool can duplicate the testing of an experienced penetration tester
who is skilled in the art.
Report
Xcape Solutions' expert staff works with you to develop a report that will provide
clear findings and a prioritized matrix of actions, work efforts, and findings.
We will provide a preliminary draft report to the technical point of contact for
the purposes of review and clarification followed by a final report at the conclusion
of testing. The report will include:
- Executive Summary (jargon free, true executive level summary)
- Methodologies and scope, and summary of evaluations
- Research: IRC, USENET, Websites, etc.
- Priority Matrix, indicating remediation priorities, and risk
- Work Matrix, indicating estimates of work efforts required for remediation
- Findings and recommendations sufficient for risk management and remediation planning
Social Engineering Testing
Social engineering tests your “human firewall”. This is a method of gaining access
to an organization and its assets by tricking key personnel over a communications
medium such as telephone, email, chat, bulletin boards, etc. from a fraudulent "privileged"
position. If your staff has received the training to defend itself, this test will
enhance their effectiveness.
Web, Application and Network Penetration Testing
Network security is only part of the picture; securing the internal and external
networks is just the first step. For complete protection, both web applications
and internal applications need to be secure. Externally accessible applications,
web sites for example, represent the largest threat. Application development typically
includes functionality and performance testing, but rarely security testing. For
that reason, applications should be tested by security experts. There are three
major areas of application testing:
- Application Design and Access Assessment
- Application Penetration Testing
- Code Reviews
- Network Security Testing
- Wireless Network Testing
- Physical Network Testing
For more information,
contact us or call 813-964-9101.