Penetration Testing

CIS offers both network and web application penetration testing services. These services simulate a real-world cyber attack, allowing organizations to safely review the security posture of their web applications and networking devices.
Taking the vantage point of an attacker, our testing experts attempt to exploit external resources and gain access to internal resources that compromise the organization’s infrastructure.

Methodology

CIS’ penetration tests use an iterative, four-phased approach employing techniques and guidelines from the Open Web Application Security Project (OWASP) Top 10 Web Application Vulnerabilities Project and the NIST SP 100-115 Information Security Testing and Assessment standard. This testing method includes activities to pinpoint vulnerabilities at each operational layer of the target network and to identify critical weaknesses inherent to web applications, many of which are outlined in the OWASP Top 10 Project. Using a combination of automated tools and manual techniques, we thoroughly assess your organization’s systems to identify exploitable vulnerabilities that could be used by cyber threat actors.

Deliverables

For each network and web application test, CIS delivers a written report detailing each vulnerability type discovered along with a risk rating of low, medium, or high. Reports include specific details for each vulnerability found, including:
  • How the vulnerability was discovered
  • The potential impact of its exploitation
  • Recommendations for remediation
  • Vulnerability references

Pricing

Pricing for CIS Penetration Testing services is dependent upon the scope of work requested. If you would like more information about penetration testing or a quote, please contact us at services@cisecurity.org.
