INTERNAL NETWORK PENETRATION TESTING
CHECKING YOUR NETWORK SECURITY
Using the IP address blocks you provide, WavePort Security will use network scanning tools to identify which specific IP addresses are in use, the operating system, and type of the device using each address. WavePort Security will then conduct further scans in order to identify TCP and UDP ports open on the system and the services listening on those ports. WavePort Security will also map the topology of the target network.
Based upon the agreed scope, WavePort Security will then proceed to searching identified systems and services for known vulnerabilities and misconfigurations. Web servers in scope of the assessment will be examined to identify “off-the-shelf” (non-custom) web applications with known vulnerabilities. We will also perform manual testing of identified services and non-custom web applications.
With your approval, we will proceed to exploit identified vulnerabilities to validate the presence and impact of the issues. We will attempt to use compromised systems and services to exploit other systems in your network to test the depth of your network's defenses.