8/14/2019 Halock ACS - Ethical Hacking
Pricing:
Pricing varies based on the size, complexity, and depth of testing.
Typical Ethical Hacking engagements range between $5,000 and $20,000.
Additional fees apply to in-depth application testing.
In the race to develop online services, networked hosts and underlying applications have often
been deployed with minimal attention to security risks. The result is that most corporate sites
are surprisingly vulnerable to hacking or industrial espionage.
To test this, Ethical Hacking (sometimes referred to as Penetration Testing) is performed in
conjunction with vulnerability scanning.
Halock's "Red Team" of ethical hackers can perform an in-depth analysis of identified potential
high-risk vulnerabilities, with the primary objective of gaining access to sensitive data assets
within the organization's environment as a practical demonstration of what a malicious individual
could accomplish.
Many vulnerabilities, when viewed independently, do not pose a great risk to the organization.
When these weaknesses are combined and placed in the hands of a skilled attacker, the result is
often a breach. Understanding and resolving configuration and security issues helps prevent the
organization from experiencing and having to disclose a real attack in the future.
Solution Overview
Professional Services Included:
Manual testing directed at fully exploiting identified key vulnerabilities
Attempts to gain authenticated access to protected systems using "brute force" techniques of guessing login names and passwords
Advanced techniques of system compromise, such as utilizing buffer-overflow vulnerabilities to implant "root-kits" on target systems, which can then be used for further privilege escalation
Advanced testing techniques including SQL Injection, ASP and CGI script vulnerabilities, Cross-site scripting, Hidden-field manipulation, Authentication vulnerabilities, Session hijacking, Database errors, Directory traversal, Form field data validation
Exploiting sensitive information contained within application source code and underlying systems
Documentation of findings, including detailed walkthroughs of exploit scenarios
Ethical Hacking Solution At-a-Glance:
Performed internally (internet accessible), externally (private), or both
Locate and identify responding hosts
Exploitation of identified vulnerabilities with the intent of gaining access to sensitive information assets
Detailed reporting of findings and risks including narrative scenarios that walk you through each step of the attack
Identify and document approaches and recommendations to resolve security vulnerabilities
847.221.0200 halock.com
1834 Walden Office Square, Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com
Assessment & Compliance Services Division
Ethical Hacking: Scope Worksheet
Any system with detected vulnerabilities can be targeted for ethical hacking. If there are specific systems Halock should focus on, please indicate below:
Are there any special considerations that need to be taken into account (i.e. Off site hosting)? Please list.
1) _____________________________________________________________________________
2) _____________________________________________________________________________
3) _____________________________________________________________________________
4) _____________________________________________________________________________
SYSTEM | IP ADDRESS | NOTES