Hurricane Labs differs from most companies in that we test from the perspective of potential attackers. We do not rely on the typical scanning tools or generate automated reports. We use the same open tools and manual approaches you would expect from a skilled attacker. The difference is we are experts at helping you remediate potential vulnerabilities and exploits.
Hurricane Labs seeks to assist in identifying and correcting network vulnerabilities first; immediately reporting them to the client so they can act quickly to prevent major data loss or downtime. Once these issues have been addressed we move on to identifying smaller vulnerabilities.
Our ability to customize tools for your business and our security expertise give us the edge to create reports that provide concise data, realistic examples on how to reproduce the problems, and most importantly, the information on how to correct the issues we’ve discovered. On top of all that, any scan data that is produced is still included in the rear-section report. We provide penetration testing AND analysis.
The penetration testing process will proceed upon your request. We will start when you give the okay, and we will cease when you need us to. The steps of a standard penetration test are as follows: discovery, scanning, attack, report, remediation, and retest.
Throughout all of these steps, you are updated with our progress. If at any point you have an issue, we are available 24/7, so you can give us a call and get answers. When the test is concluded, you are given the penetration report in a timely fashion, usually governed by the number of targets and amount of data found.
This is the first stage in our penetration test procedure. It is a non-invasive scan of the network and hosts, where the object is simply information gathering. The web servers are spidered in order to avoid false positives and to keep from wasting resources.
Using various tools (including OPVD and Qualys) your network is scanned for obvious vulnerabilities. We compile all of the vulnerability and port scans in order to create a custom database of assets that can be reviewed by the penetration testers so that nothing is overlooked. This helps establish a point of reference and provides direction throughout the engagement.
Working from the initial discoveries and scan results, we manually test for a multitude of issues and attempt a variety of exploits – just like a real attacker. All the major vulnerabilities are exploited to their fullest extent in order to provide a proof of concept and prove that the methodology used is accurate.
Once the penetration test is complete and all vulnerabilities have been documented, Hurricane Labs will clean up the system and put it back to the way it was found to maintain your professional environment.
Upon completion a report of our results is generated and available in your Customer Portal. In this document you’ll find: a list of vulnerabilities categorized into levels of severity, how the exploits were achieved, and suggestions on how to repair the issues.
Using the results from your unique Report, we work with you to establish the best possible procedures to eradicate as many vulnerabilities as possible.
We conduct a second test after the issues have been resolved. Having a second look at the scope helps ensure the proper fixes are in place.