Engagement Process

GAIN DEEPER INSIGHT INTO THE THREATS AND VULNERABILITIES THAT COULD COMPROMISE YOUR ORGANIZATION

Built on industry-leading security methodologies—CREST, SANS, PTES, OWASP—and our own STEM methodology, our process delivers comprehensive results. We adhere to the following steps regardless of the type of vulnerability testing selected:

Planning

Based on the nature of the testing, our team works closely with clients to understand their priorities before developing a calculated plan. Our planning guidelines allow us to work efficiently while remaining flexible to accommodate priority changes. 

Research

Similar to a potential attacker, our team conducts research to determine how the target environment operates and how it integrates with other systems within your organization.   

Vulnerability Identification

Testers examine avenues of attack, threat agents, and vectors in the target environment to uncover technical vulnerabilities and identify the cause. We use both automated and manual testing methodologies, and we manually verify all identified vulnerabilities to minimize false-positives.

Exploitation

With your organization’s vulnerabilities identified, our team penetrates the target system using industry-leading techniques—Exploits, Escalation, Advancement, and Analysis—to gain unauthorized access, escalate that access and advance to other vulnerable systems. We use safe, proven exploits that will have little to no impact on system performance. 

Reporting

The most critical part of the process, reporting delivers a well-documented analysis of our findings in an actionable and detailed report that brings your organization’s security vulnerabilities to light. The result is a remediation roadmap that we walk you through, step-by-step, so your team thoroughly understands the vulnerabilities and areas of risk.  

Remediation

With your report in hand, you can quickly prioritize your organization’s top vulnerabilities and build a plan for remediation.