Solution Overview

Solution At-a-Glance:
- Performed internally (internet accessible), externally (private), or both
- Locate and identify responding hosts
- Exploitation of identified vulnerabilities with the intent of gaining access to sensitive information assets
- Detailed reporting of findings and risks including narrative scenarios that walk you through each step of the attack
- Identify and document approaches and recommendations to resolve security vulnerabilities

In the race to develop online services, networked hosts and underlying applications have often been deployed with minimal attention to security risks. The result is that most corporate sites are surprisingly vulnerable to hacking or industrial espionage.

To test this, Ethical Hacking (sometimes referred to as Penetration Testing) is performed in conjunction with vulnerability scanning.

Halock’s "Red Team" of ethical hackers can perform an in-depth analysis of identified potential high-risk vulnerabilities, with the primary objective of gaining access to sensitive data assets within the organization's environment as a practical demonstration of what a malicious individual could accomplish.

Many vulnerabilities, when viewed independently, do not pose a great risk to the organization.
When these weaknesses are combined and placed in the hands of a skilled attacker, the result is
often a breach. Understanding and resolving configuration and security issues helps prevent the
organization from experiencing and having to disclose a real attack in the future.

- Manual testing directed at fully exploiting identified key vulnerabilities
- Attempts to gain authenticated access to protected systems using "brute force" techniques of guessing login names and passwords
- Advanced techniques of system compromise, such as utilizing buffer-overflow vulnerabilities to implant "root-kits" on target systems, which can then be used for further privilege escalation
- Advanced testing techniques including SQL Injection, ASP and CGI script vulnerabilities, Cross-site scripting, Hidden-field manipulation, Authentication vulnerabilities, Session hijacking, Database errors, Directory traversal, Form field data validation
- Exploiting sensitive information contained within application source code and underlying systems
- Documentation of findings, including detailed walkthroughs of exploit scenarios

- Pricing varies based on the size, complexity, and depth of testing
- Typical Ethical Hacking engagements range between $5,000 and $20,000
- Additional fees apply to in-depth application testing

1834 Walden Office Square, Suite 150 * Schaumburg, IL 60173 * 847.221.0200 * www.halock.com
Any system with detected vulnerabilities can be targeted for ethical hacking. If there are specific systems
Halock should focus on, please indicate below:
Are there any special considerations that need to be taken into account (e.g., off-site hosting)? Please list.
1) _____________________________________________________________________________
2) _____________________________________________________________________________
3) _____________________________________________________________________________
4) _____________________________________________________________________________