Our True Services;Solutions Supporting Your Mission

Penetration Testing

The development of a practical, but fortified Framework.

Where vulnerability scanners frequently only check whether a specific vulnerability exists, the attack phase of a penetration test exploits identified vulnerabilities, confirming their existence.

True IA will conduct penetration testing from outside the organization’s firewall, to attempt to find security holes in the organization’s perimeter protections or at exploiting vulnerabilities that were previously identified. The application of any automated tools will follow NIST Guidelines, in particular, SP 800-30 Revision 1, the Guide for Conducting Risk Assessments and any agency guidelines that exist.

Guidance and rules for aspects such as, but not limited to:

NESSUS
WebInspect
NGS SQuirreL (for database vulnerabilities)
NMAP
Other client-approved tools as deemed necessary to meet the requirements

Once we receive test results, security flaws in the design, policy, or implementation of the system with which your business uses may be uncovered. To support the test objectives, True IA will use Penetration Testing and Whitebox Testing to verify the security state of the Service Authority Systems.