IIS attempts to breach the logical, physical, and administrative controls of a client’s IT infrastructure in order to map out deficiencies in those controls and determine how to better defend against hackers and other malicious attackers.  The deliverable good for this service is a detailed report outlining any and all vulnerabilities discovered as a result of testing, with remediation guidelines that provide steps to mitigate any discovered threats.

How easy is it for attackers to access your network and sensitive data? Do you have adequate measures in place to detect and prevent an attack? Does your staff understand the dangers of social engineering? Can they detect and actively defend against phishing schemes? We can help you understand your company's effectiveness in surviving an attack by peforming a penetration test. Let us attack you before a real threat does.

Our team of cyber security experts utilize real-world techniques and knowledge cultivated for decades to identify and exploit vulnerabilities that could result in a breach of your organization's security. We explore the company's footprint, enumerate all attack vectors, and proceed to attempt infiltration. Whether it's a malicious attack or neglect, we'll find your weaknesses and use them to gain access. Once inside, we pivot off our foothold and see how far we can go.

We analyze your internet-facing systems that could leave sensitive data vulnerable to attack. We explore known vulnerabilities, and check for default settings, passwords, and brute force test for weak passwords. We test for mis-configured systems, SQL Injection (SQLi), Cross-site Scripting (XSS), and any other application vulnerabilities. We will engage in social engineering. You'll receive a detailed report on our findings, with step-by-step guides on how the exploits were performed. We'll also include detailed action items to help you remediate and mitigate the vulnerabilities.

A penetration test is not a boxed solution. It's not a simple scan and deliver service. Our penetration tests are highly organized and take time to fully benefit from the engagement. We will work with you to find the best solution for your testing needs. There are three basic categories that govern penetration test methods:

1. Black box: Assumes no prior knowledge of the system. This is truly an outsider trying to discover what can be attacked on your network.
2. White box: Complete knowledge of the system. This is an insider that already knows the systems and is a much faster approach, but may not give you a true understanding of what an outsider can do.
3. Grey Box: The best of both worlds. Partial knowledge of the systems is given. This allows us to cut down some of the early reconnaissance that black box requires, without handing over the full scope of the target that a white box test requires.

The choice is entirely yours. We will work with you and go into greater detail explaining the pros and cons of each style and help you determine which method best fits your needs, time, and budget.

With IIS, you can rest assured that our experts have the experience and credentials needed to carry out safe and methodical penetration tests. Our team includes certified penetration testers (GPEN) and Certified Information System Security Professions (CISSP). We adhere to ethical codes of conduct and carry government Security Clearances. We work diligently to help your organization maintain the confidentiality, integrity, and availability of your information systems every step of the way. Many clients prefer this engagement to take place after normal business hours and we are happy to work on your time and schedule. In the event something crucial is discovered, we will notify you immediately and help you begin fixing the issue right away.