Fortra Penetration Testing Services

Services by Certified Cybersecurity Experts

Penetration Testing Services For Every Industry

Many industries like finance, healthcare, retail, and defense are required to perform penetrations tests to meet compliance. But this proactive testing method is a best practice for every industry. We offer one-time and recurring service engagements customized for your specific environment, whether you need a basic pen test or sophisticated attack emulation.  
 
Pen Test Services
  • Application Security
  • Network Security
  • Social Engineering
  • IOT Security 
Other Testing Services
  • Red Teaming
  • Control Verification
  • Purple Teaming
  • Adversary Simulations
  • Black Box Testing

Explanations for each service listed below 

Penetration Test Types

Application Security - Web Applications

Adhering to the OWASP Standard, pen testers identify weaknesses in web apps through tailored evaluations and detailed source code inspection.

Application Security- Mobile Applications

Our pen testers use OWASP Top 10 for Mobile Risks as a standardized approach based on the most prevalent risks, such as improper credential usage and inadequate supply chain security.

Application Security - Programming Interface

The OWASP Top 10 for API Security Risks helps pen testers identify security misconfigurations, improper inventory management, and other major API security weaknesses. 

Social Engineering

Using phishing test tools and emails tailored to your organization, pen testers will assess the detection and reaction capabilities of your employees while identifying defensive security measures needing improvement.

Network Security

Using internal penetration testing or external penetration testing, our certified testers will uncover and exploit vulnerabilities that may exist in your internal or external networks, as well as associated devices like routers and switches, and network hosts. 

IOT Security

With the vast world of IoT, pen testers will tailor each assessment to the specific device, which may include threat modeling, hardware and firmware analysis, or source code review.  

Other Security Testing Services

These engagements deploy the tried-and-true red teaming playbook to evaluate the strength of your organization’s security posture. First, red teamers will attempt to gain initial access via phishing attempts and direct attacks on external systems. They will then function as embedded adversaries in internal networks, and lastly, they will try to copy and exfiltrate sensitive sample data to see if your organization’s data loss prevention solutions can be bypassed. 

These high-level engagements validate standard security controls within your organization’s network. The red team will use various tools to run a breach and attack simulation in order to verify that security tools are working.  

For these engagements, in addition to infiltrating and testing the environment, the red team will also serve as trainers for the internal blue team. Our offensive experts can run through different tactics, demonstrate evasions, and make recommendations on where your organization should bolster defenses.  

The red team will be given access to simulate an active intrusion, executing an objective focused attack chain to challenge the blue team’s reactions to a live, adaptive adversary emulating the actions of real-world entities such as nation state threat actors or ransomware gangs. This allows for blue teams to test and identify potential gaps in their security strategies and processes.  

Black Box tests are a full scope exercise that provide an end-to-end attack scenario. These comprehensive engagements are ideal for assessing the maturity of your organization’s security program, providing a thorough picture of adversarial efforts, exposing potential gaps in both active and static defensive strategies.