Penetration Testing & Risk Assessments

In today’s world, technology changes so rapidly that it can be a challenge to keep up and keep your organization safe and secure. Risk assessments and penetration testing are industry best practices for assessing new and evolving threats that are deeper and more complex than can be found in a typical vulnerability assessment scan. That is why we at BelowDay offer a variety of different, highly customizable penetration testing options.

At BelowDay our penetration testing and risk assessment teams consist of individuals whose passion is security and hacking. Our people are experts in their field, coming from backgrounds in hacking, architecture, engineering, vulnerability reduction, and compliance. They know how to hack systems, and also have the in-depth knowledge of how to fix or mitigate your risk appropriately. Unlike other security firms, at BelowDay you will work with a security engineer from beginning to end, making sure you get the exact end result agreed upon from the start.
Our different types of assessments are all a la carte and customizable. You get to choose where you want our team’s focus during your assessment. We highly recommend exploring our unique ride along service in addition to any risk assessment. It is a great way to help train your security team on how the penetration test was performed and help educate them to better protect your organization.

Our Penetration Testing options include:

  • Internal Network Assessment
  • External Pen Test Assessment
  • Interview-Based Assessment
  • Web Application Pen test
  • In-Line Assessment – Data flow network traffic analysis
  • Wireless Pen Test Assessment
  • Ride Along Services – Add-on service

 

Internal Network Assessment

In this assessment we will work with you to create a scope of devices, services, and networks you would like to have assessed. We will then decide an initial access point and set goals. These goals can be accounts, servers, data or anything else you decide is important to your organization. From there we will start our penetration test using industry standard and custom-written tools to discover weaknesses and exploit them to get access to your set goals. Finally we will create findings documents as well as remediation suggestions based on our discoveries and present them to you and your team.

We also highly recommend looking into our remediation services and our ride along services to help train your already existing security team.

 

External Pen Test Assessment

Testing your external facing exposure is very important to any organization whether you have 100 public facing websites or seemingly none. In this assessment we will work with you to determine your desired scope of sites, and how and when you would like them assessed. At BelowDay we want to create as little disruption as possible. That is why we work with you and even your development teams to make sure we are testing at the best time possible with little to no interruptions. Finally we will create findings documents as well as remediation suggestions based on our discoveries, and present them to you and your team.  

We also highly recommend looking into our remediation services and our ride along services to help train your already existing security team.

 

Interview-Based Assessment

It is not always a technical aspect that causes a vulnerability or weakness in an organization. In this assessment we will work with you and your teams in an interview-based approach. Our interview process includes questions about

  • corporate security culture,
  • potential conflicts of interest in your organizational structure,
  • staff understanding regarding security requirements and controls or protections that are in place,
  • recommendations regarding security staffing for size of the company,
  • recommendations regarding policies, standards, and awareness,
  • and recommendations regarding staff technical requirements.

 

Web Application Pen test

Custom written applications, both internal and external, can be a significant risk to an organization. Development teams often focus on timelines and production goals over secure coding practices and configurations. This is very common and why we at BelowDay think it is so important to have every web application assessed and thoroughly penetration tested. We will work with you to test single or multiple applications. We also offer a subscription service to test ongoing development of projects to ensure security issues do not arise during the development process between releases.

 

In-Line Assessment – Data flow network traffic analysis

Data flows across networks at increasing volumes and speed, and it is important to know what data is flowing, where and how. At BelowDay we offer a service that will analyze what type of data is flowing between particular points in your network. This is particularly important because data elements like passwords, credit cards, social security numbers, patient names and more can flow unencrypted, and unprotected between systems without anyone but a hacker being the wiser.

In this assessment we will work with you and your engineering team to install a piece of software at crucial parts of your network to analyze data as it flows. We will then analyze this data and create a findings report, including remediation suggestions, and present them to you and your team.

 

Wireless Pen Test Assessment

Most organizations have wireless networks at their locations today. Wireless can cause major issues in some instances. It may be the case that your wireless is leaking further than it should, for example through weak encryption, rogue access points, or misconfiguration.

We will work with you to determine what physical location or locations you would like tested and mapped. We will then do a wireless assessment showing how far your wireless reaches outside of your organization and how strong or weak your encryption and authentication is. We will also look at the process of how access is controlled to these networks.

 

Ride Along Services – Add-on service

This service is unique to BelowDay, and it is a service we strongly believe in! There is nothing like learning from doing, and that is what we try to accomplish in this add-on service. With this service you can have your existing security team work with BelowDay staff to duplicate services, such as a pen test. We will then either bring them to our offices or train them at yours, to re-do the assessment and utilize it as a training opportunity where your team will be able to recreate the steps we took and to ask questions along the way.

This service can be added to most services BelowDay offers. You will be working with the security engineer who performed the assessment for your organization. This gives your team first-hand knowledge of how our security engineers think and how the tests were done.