Penetration Testing

Backbone Security recognizes the importance of a defense-in-depth approach to promoting IT security and compliance.  True security involves much more than just getting clean results on a vulnerability scan.

A penetration test, or pen-test, involves simulating an actual attack.  Instead of simply using passive test methods, a penetration tester will actively try to exploit weaknesses that are identified on a customer’s network.  This type of testing helps to illustrate where malicious entities might have success in the event of a real-world attack.

Penetration testing is a critical component of IT security and a mandatory task for various compliance standards, including the PCI DSS and SOC 2.

Section 11.3.1 of the PCI DSS v3 reads:

 “Perform external penetration testing at least annually and after any significant infrastructure or application upgrade or modification.”

Section 11.3.2 continues, explaining that internal penetration testing is required annually as well.

Whether your company needs low cost penetration testing or rigorous and exhaustive attack simulation, Backbone Security is equipped to help.  Each Backbone Security expert pen-tester has achieved the title of Offensive Security Certified Professional (OSCP). 

Additional credentials held by our team include but are not limited to Certified Information Systems Security Professional (CISSP) and CompTIA Security+.

For more information about pricing, contact us now or read more at our penetration testing cost page.

You may also be interested to read how a PCI penetration test differs from basic PCI scanning.