Penetration Testing


For Web Apps, Networks, PCI, Internal, & External

What is a Penetration Test?

Penetration testing helps to uncover architectural and conceptual issues through emulated, real-world attacks. The best way to know if your organization is susceptible to a security breach is to test your defenses. By evaluating the strength of your company’s infrastructure and revealing vulnerabilities, you can effectively manage those weaknesses.

Types of Penetration Tests Offered by CIMS

  • Web Apps Pen Tests
  • Internal & External Pen Tests
  • Networks & Compliance Pen Tests

How Does CIMS Approach Penetration Testing Engagements?


CIMS evaluates various points of exposure in your programs, systems, and networks, attempting to gain deeper levels of access and higher levels of security clearance. Once these access points are identified, we’ll work with you to build a plan that helps your company be better prepared to face threats.

Our penetration test services have been accepted to satisfy the requirements of HITRUST, ISO 27000-1, NIST CSF, FFIEC, NCUA, GLBA, FISMA, SOC2.

External Penetration Test
Consists of enumerating and verifying vulnerabilities that could be exploited by external attackers to gain unauthorized access to your systems. CIMS’s team plays the role of an external attacker, attempting to exploit vulnerable systems to obtain confidential information or compromise network perimeter defenses.

Internal Penetration Test
Focuses on determining the potential business impact of a security breach and validating the level of effort required for an attacker to overcome your security infrastructure. After access is gained, FRSecure identifies configuration issues and vulnerabilities that can be exploited. Using that information, FRSecure attempts to complete several objectives that are designed to replicate common attacker behaviors.

Red Teaming
A more holistic standard of penetration testing. Red teams simulate real-world attacks that focus on the effectiveness of an entire information security program, utilizing the same tools, tactics and techniques that adversaries would likely employ. The goal is different in that it adds focus to people and process, not just a particular sub-system within your tech stack.

Web App Penetration Test
Focuses on evaluating the security of a web application by using aspects of the Penetration Testing Execution Standard (PTES) and the OWASP standard testing checklist, and involves an active analysis of the application for any weaknesses, technical flaws or other vulnerabilities. You’ll receive an assessment of the potential impact, steps to reproduce the issue if applicable, and CIMS’s recommendations for remediation.

Physical Penetration Test
Measures the effectiveness of security training, internal procedures, and technical controls by attempting physical access to your organization. FRSecure staff will pose as a legitimate person or company (fire inspector, exterminator, power company technician, etc.) and then attempt to gain access to restricted areas, obtain a physical network connection, or access unattended workstations or information stores.

PCI-DSS Penetration Test
With specific goals set by the PCI Security Standards Council, this test involves both external and internal penetration test methodologies. The two main objectives of this test are: 1) to determine whether and how a malicious user can gain access to assets that affect the fundamental security of the systems, files, logs and cardholder data; 2) to confirm that the applicable controls required by PCI DSS are in place.
