Usually called reconnaissance, this is the first step of the penetration test. This is where one of our professionals will go online and research everything they can about your company, the websites you have, and any other digital properties you want tested.

We begin the process with a meeting where the company's representative informs our team about what areas they want tested, and what areas are off limits or in production phases. Recon initially takes 5 days.

Scanning is a deeper form of information gathering using technical tools to find openings in the target system(s). These openings include internet gateways, listening ports, vulnerability lists, and available systems.

Vulnerability scanning is common in this phase. We take note of all findings and carry it to the next stage. You as a client also get reports after each stage, and a brief summary of how it went.

Exploitation is the act of using the information gained in phase 1 and phase 2 to take control of, or take offline, any number of target devices. Taking control of devices in this phase allows data extraction, or utilization of the target devices, to attack another target device.

This will only be taken as far as it needs to be to prove the vulnerability, and the client is in control always; if you say to stop testing a resource we will stop immediately.

Maintaining access of a target machine is commonly done by installing backdoors and planting rootkits. This is also known as creating persistence on a target device. This also is only done to the point of proof, called a proof of concept.

We lay out all of these points in our reports at the conclusion of our testing. We have a bottom line report for business owners to summarize the testing, the dangers we found, and the solutions we offer. We provide a more comprehensive technical report with specific details on each issue, that is sent to the designers or programmers that manage your website and online resources.

Covering tracks is simply removing all evidence an attack ever took place. This can involve editing logs, hiding files, and de-escalation of custom privileged accounts.

If you are running a website on a rented server space (such as GoDaddy, etc), they will not have adequate protection for your website and related data. They will not tell you if you have been attacked, or if their systems have been attacked or compromised. It is rarely in their contracts to report such breaches, and often the reporting of such events is up to the company themselves.

You, as a client, will receive a brief report and summary after each step. Approximately 24 hours after completion of all testing, you as the business owner, will receive a full report of the findings.

A technical report will also be sent to your website designer/programmer; this report often also contains suggestions for improvement. Our team will work with yours to maintain security and keep you running safely every step of the way.