We begin by researching publicly available company information, without touching business assets (Open Source Intelligence), in order to better understand the company’s current business model, and what is important to you. We then analyze public facing business assets, such as web sites and customer portals. This intelligence reveals what critical information is available without even touching internal properties and identifies areas of weakness. With this information, an plan of attack is generated. Electric Alchemy attacks are designed to mimic real world threats that are likely to be experienced by your business, both logically, and physically. In otherwords, we won’t drive a tank through your front door, but we could sneak someone in, through your back door. Full Scope penetration testing typically includes the following as well:
Equally as important to your security is identifying the ways in which your own employees are inadvertently providing access to mission critical data. Known as Social Engineering Assessments, this testing is designed to assess the effectiveness of your current security programs and often involves deceiving employees into breaking normal security procedures and revealing secured information. As an example, an employee may unknowingly divulge critical information to untrusted or unverified sources such as a request for password resets over the phone, or they could click on a malicious link in an unsolicited e-mail, giving an attacker access to your internal network.