""
 Penetration Testing Penetration testing is one of our core service offerings and our true area of expertise. A penetration test conducted by Shorebreak Security will emulate a highly skilled attacker, and will leave you knowing, not just thinking, that your network/systems have been properly tested. A typical Shorebreak pen test team is made up of 3-4 security engineers, each with a minimum of 7 years in Information Security, with most of those being in penetration testing. Shorebreak security engineers have written books on the topic, have researched and discovered new vulnerabilities (zero day), are up to date on emerging threats and trends, and have each conducted dozens of penetration tests. We are capable of testing all aspects of your system(s) - wireless, web applications, applications, network, modem connections, social engineering attacks, and more. Results from a vulnerability scanner are often some of the last things we look at when doing a penetration test - we think like an attacker, so will target "soft" systems first, and usually gain access to systems and find vulnerabilities that a scanner doesn't. The product of a Shorebreak penetration test is not simply a regurgitated vulnerability scanner report. Rather, we perform a qualitative analysis of the vulnerabilities of your system and present the true impact of a vulnerability. Vulnerability Scanning and Assessment Shorebreak security engineers have been working with vulnerability scanning software since their inception, and if there's one thing we know, it's how to tune and optimize them. What good is a vulnerability assessment if not all the hosts were discovered? If the organization's mission has been disrupted because of improper settings in the scanning software and important systems have crashed, what use is the report? Shorebreak Security has years of experience in scanning critical government systems, such as those that require as close to 100% uptime as possible. We take great pains and caution to ensure that our scanning activity does not impact the organization's mission and business operations. Security Architecture Review Usually combined with a penetration test or vulnerability assessment, we will review the network architecture and overall system boundary for weaknesses. We conduct "tabletop" reviews of firewall rule sets, IDS configurations, router and switch configurations, and then conduct scanning to technically validate what we see in the configuration files. We interview system and network administrators, and attempt to determine if their administration practices are sound. Certification and Accreditation Activities Shorebreak Security has significant experience conducting a wide range of C&A activities - we're exceptionally good at conducting Security Testing and Evaluation (ST&E), Risk Assessments, POAMs, vulnerability scanning, and penetration testing. We are able to conduct an ST&E fairly quickly, as we automate technical controls testing using vulnerability scanning software. We often team with our partners to provide more complete and robust C&A capabilities. Forensics and Incident Response We are capable of doing both "dead box" forensics and live forensics, along with network forensics and intrusion detection. Our engineers have years of experience in detecting and preventing attacks in large government enterprises, and have developed custom solutions where needed. Other Information Security Services If you don't see the service that you require listed above, contact us and we'll honestly tell you if we can perform the service, or if we can recommend another company to you. |