Why Network Penetration Testing?
These days more and more devices are networked than ever before. IoT (Internet of things) has pushed billions of new IP devices into the market. Every single one is a potential target.
Compliance regulations may require regular pen testing
Customers and partners may require proof of regular pen testing
Proactive security investment instead of reactive repair costs
Avoid legal action and reputational damage following a breach
Service Description
This is a security testing service that focuses on finding vulnerabilities, misconfigurations and other flaws in your networks, infrastructure (routers, switches, firewalls, VoIP, VPNs, authentication and authorization mechanisms etc.) and overall architecture (for example servers and services in cloud or on-prem, network protocols, operating systems and any other IP enabled components such as IoT devices).
In this service, we try to exploit vulnerabilities in order to gain full access to vulnerable systems. In a Network Vulnerability Assessment, which is a cost effective alternative to a Network Penetration Test, we only report on the flaws without actively exploiting them.
Tests performed
Our testing methodologies are aligned with the NIST and SANS testing frameworks. This includes OSINT, Full TCP and UDP port scanning, exposed ports identification, banner grabbing, service and vulnerability identification, detecting out of date software and hardware installations, detecting missing patch levels, brute forcing logins, fuzzing, exploitation of known and unknown vulnerabilities as well as privilege escalation.
Deliverables
Full report (Executive summary and in-depth technical report)
Mitigation Advice on encountered vulnerabilities
Instant notification of critical vulnerabilities found during testing phase
Secure report delivery by encrypted email
Flexible options
Vulnerability Assessment (Identification without exploitation)
Black-box (from an attacker’s perspective without credentials)
Grey-box (from a malicious user’s perspective with user credentials)
White-box (with full admin credentials and access to source code)
External testing (Internet facing) or internal testing via VPN
Packages for recurring and continuous automated testing available
Impact minimization by protection from malicious exploits or DDoS tests
Fine grained scoping and testing only during agreed schedule
Why Bongo Security?
Consultants with 10+ years of ethical hacking experience
Consultants certified to highest levels such as OSCP, OSCE, OSWE, GIAC
Experience across all industry and government sectors
We are an independent third party concerned with finding & fixing flaws
No conflict of interest. We are not embedded with HW/SW vendors
Dedicated Red Team approach with specialists in all technologies
Leveraging Bug Bounty Expertise
Many of our consultants are actively engaged in public and private bug bounty programs for brands like Amazon, Twitter, Facebook, Google, Uber, LinkedIn, the U.S. Department of Defense and others. These are often seasoned and extremely hardened systems and applications, yet our consultants discover and report high impact flaws in these companies on a regular basis. We are leveraging our bug bounty expertise on hardened systems and applications in our Penetration Testing methodology.
As of April 2022, one of our founders who goes by the nickname of “bongo” managed to achieve 1st. rank amongst hundreds of security researches on Bug Bounty Hunter. Bug Bounty Hunter is a sophisticated modern web application with all kinds of vulnerabilities which have been found in real-world application bug hunting.
https://www.bugbountyhunter.com/hunter/bongo
Download Flyer and Sample Reports
1. BONGO-SECURITY-FLYER
2. BONGO-SECURITY-PENETRATION-TESTING-SAMPLE-REPORT
References and Certifications
If you would like to speak to one of our existing customers, we are happy to arrange that. Please note that a lot of customers wish to remain anonymous and not to serve as a reference due to the sensitivity of the work we perform. Naturally we always comply with our customers. We do however have some clients who are happy to serve as references. Should you require validation of our consultant’s certifications, we can arrange that as well.