Having a regular penetration test performed by a third party is often required by compliance frameworks, and it is also a good way to gain assurance that your environment is secure. We perform penetration tests that are customized for your environment, including external network, internal network, application-based and API penetration tests.
DesignCS Penetration Testing Methodology
Regardless of the scope of the penetration test we perform, we work through the same six distinct phases each time. In the Reconnaissance and Scanning and Enumeration phases, we typically use automated tools like Burp Suite, Nmap, Curl, Netcat, GoBuster and others to start things off. This is followed by human review of the results, a good old fashioned web browser, and a transition into the Exploitation phase, where we try to make the most of the initial findings. We then clean up after ourselves and report the results back to our clients.
- Reconnaissance: Identify targets and gather useful information on the target environment from a variety of sources.
- Scanning and Enumeration: Perform vulnerability scanning on identified targets and enumerate ports, services, users, and other pertinent information.
- Exploitation: Utilizing the information gathered in the scanning and enumeration phase, attempt to exploit weaknesses in the target systems or environment.
- Post-exploitation: Following successful exploitation of a target, gather evidence, then re-initiate scanning and enumeration from the compromised position, seeking new targets and opportunities to pivot.
- Clean-up: Remove backdoors, tools or other files left during exploitation and revert changes made to target systems where possible; anything that could not be reverted is documented so the client can address it.
- Reporting: Document findings in a penetration test report including evidence, steps to reproduce, and recommendations for remediation. Present report to authorized contacts on the project team.
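The hand-off from automated scanning to human review is where a lot of the value of the Scanning and Enumeration phase lives. As an added example (our own illustration, not DesignCS tooling), the script below turns Nmap's `-oX` XML output into a scoped, prioritised worklist for a tester: it keeps only open ports, drops any host that falls outside the agreed CIDR block (a hostname in the target list can resolve somewhere the client never authorised), and orders what is left so that exposed remote-administration services get eyes first. The XML is constructed to mimic Nmap's format and is not a real scan; the triage table of service names is an assumption chosen for the example.

```python
"""Turn Nmap XML output into a scoped, prioritised worklist for manual review.

Added example, not DesignCS's tooling. It assumes the scan was run with
`nmap -sV -oX scan.xml <targets>`; SAMPLE_NMAP_XML below is constructed to
mimic that output format and is not a real scan.
"""
import xml.etree.ElementTree as ET
from ipaddress import ip_address, ip_network

# Constructed sample in Nmap's -oX format: two in-scope hosts plus one host
# that a hostname in the target list resolved to outside the agreed CIDR.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 203.0.113.0/28 www.example.test">
  <host><status state="up"/><address addr="203.0.113.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/><service name="https"/></port>
    </ports></host>
  <host><status state="up"/><address addr="203.0.113.12" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports></host>
  <host><status state="up"/><address addr="198.51.100.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports></host>
</nmaprun>
"""

# Hypothetical triage table: services that deserve a tester's eyes first when
# exposed. Anything not listed is treated as "low".
REVIEW_PRIORITY = {
    "ms-wbt-server": "high",   # RDP
    "microsoft-ds": "high",    # SMB
    "telnet": "high",
    "ftp": "high",
    "ssh": "medium",
    "http": "medium",
    "https": "medium",
}


def parse_open_services(xml_text):
    """Return one record per open port; closed and filtered ports are ignored."""
    root = ET.fromstring(xml_text)
    records = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            product = ""
            if svc is not None:
                product = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
            records.append({"host": addr, "port": int(port.get("portid")),
                            "proto": port.get("protocol"), "service": name,
                            "product": product})
    return records


def _scoped(records, scope_cidrs):
    nets = [ip_network(c) for c in scope_cidrs]
    return [r for r in records if any(ip_address(r["host"]) in n for n in nets)]


def out_of_scope_hosts(records, scope_cidrs):
    """Hosts the scan touched that are NOT covered by the agreed CIDR blocks.

    These must not be tested; raise them with the client instead.
    """
    nets = [ip_network(c) for c in scope_cidrs]
    return sorted({r["host"] for r in records
                   if not any(ip_address(r["host"]) in n for n in nets)})


def build_worklist(xml_text, scope_cidrs):
    """Scoped worklist ordered high -> medium -> low, then by host and port."""
    rank = {"high": 0, "medium": 1, "low": 2}
    rows = _scoped(parse_open_services(xml_text), scope_cidrs)
    for r in rows:
        r["priority"] = REVIEW_PRIORITY.get(r["service"], "low")
    return sorted(rows, key=lambda r: (rank[r["priority"]], ip_address(r["host"]), r["port"]))


if __name__ == "__main__":
    scope = ["203.0.113.0/28"]
    for row in build_worklist(SAMPLE_NMAP_XML, scope):
        print(f"{row['priority']:6} {row['host']}:{row['port']}/{row['proto']} "
              f"{row['service']} {row['product']}")
    skipped = out_of_scope_hosts(parse_open_services(SAMPLE_NMAP_XML), scope)
    if skipped:
        print("out of scope, confirm with client before testing:", ", ".join(skipped))
```

Run against the sample, the worklist puts the two exposed Windows remote-access ports on 203.0.113.12 first, the SSH and nginx services on 203.0.113.10 next, and reports 198.51.100.5 as out of scope rather than silently including it. Swap `SAMPLE_NMAP_XML` for the contents of a real `scan.xml` and the scope list for the CIDR block in the statement of work.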
Types of Penetration Testing and Related Pricing
Choosing the right scope of penetration testing for your environment is essential so that you actually get the coverage you expect. We offer a variety of approaches, but here are the most common ones we sell. We will be glad to walk you through additional options. It happens all too often that folks end up buying a vulnerability scan and thinking it is a penetration test.
External IP/Host Only Testing
External IP/Host Only testing is fairly straightforward: you give us a Classless Inter-Domain Routing ("CIDR") block and/or a list of host names, and we knock on the door to see what we can find. Unlike a simple vulnerability scan, we manually review the services running and attempt exploitation of what is exposed to the internet.
- External IP/Host Only Pricing for 1 /24 network – $8500, each additional /24 add $2000
Internal Network Testing
For Internal Network Testing, we need access to your internal network (either via VPN or a bastion host), and we test your network from inside its external defenses. Aside from where the testing is performed, it is conducted much like an External IP/Host Only test.
- Internal Network Test Pricing for 1 /24 network – $8500, each additional /24 add $2000
Web Application Testing
Web application testing tests your (you guessed it!) web-based application for the issues found in the OWASP Top 10 and others that our penetration testers will pull out of their hat. We approach it from a credentialed perspective and get access to each role that you identify (usually at least an admin role and a regular user role) to see what we can cook up. Additionally, we take a basic look at the application programming interface ("API") calls the web application makes to see if there are any basic exploits available for us to enjoy.
- Web Application Testing Pricing for one web application with up to 2 user roles and light API testing – $8500
Other Penetration Testing Options
We have many other types of penetration testing engagement options available, but these are a bit more difficult to price without understanding the scope of what you are looking for. Just keep in mind that we can help with the following (and more).
- Deep dive API Testing
- Social Engineering – Phishing
- Social Engineering – Physical Security
- Purple Team Assessments
Combination and Annual Subscription Discounts
Please keep in mind that the above pricing is for single scope/statement of work engagements. If you see value in including multiple components above, have multiple applications, etc., we gain significant economies of scale. Contact us with your needs and we can work out a quote to cover a combination of the above items, or a regular testing schedule that spreads the joy throughout your year instead of that one time you get it done each year!