Use our contact form above to get started.
Link Mountain Penetration Testing Services
Penetration Testing is All We Do.
PCI-DSS Penetration Testing
Link Mountain has conducted several hundred penetration tests for PCI compliance for its QSA and ASV clients, in addition to testing performed directly for end clients. Link Mountain has extensive experience with PCI penetration testing and application security review, including facilitating and coordinating communication and deliverables with QSA firms engaged in audit. Link Mountain meets all PCI-DSS requirements for penetration testing and has extensive history and experience assisting clients in meeting this compliance mandate.
Penetration Testing for Other Compliance Drivers and Risk Reduction Initiatives
Link Mountain penetration testing experience does not end with PCI related testing. Link Mountain has tested and compromised systems housing national law enforcement data, systems requiring HIPPA compliance, and numerous private, municipal, county and state government systems.
Penetration Tester Qualifications
All Link Mountain penetration tests are conducted by certified security professionals who are US citizens with background checks. We require our penetration testers to hold at least one of the following industry recognized professional certifications: CISSP, GSEC, GWAPT, GPEN or CEH.
In addition, Link Mountain requires all penetration testers to have web development experience in at least two base languages, frameworks and platforms, because you can't test what you don't understand. We also require solid writing and communication skills, because it doesn't matter if we understand the issues if our client can't understand the reports. These are not industry requirements, these are our requirements. All Link Mountain penetration testers are certified and very well qualified.
Penetration Testing Business Process and Communication
Link Mountain achieves cost reduction in penetration testing through efficient business process, without compromising on test coverage or utilizing off-shore or under qualified personnel. Our penetration testing process is designed to assure early identification of all pertinent information, smooth process flow through the penetration testing engagement, clear, extensive and timely communication with clients, and detailed, timely finding reports and remediation checklists that foster a smooth remediation process. Our penetration testing process reduces mistakes and rework, and reduces costs substantially while improving communication in both directions and with third parties such as auditors. We've done this a lot, it's all we do, and we know how to make it easier on you, your auditor, and us.
Penetration Testing Methodologies
Link Mountain employs two basic penetration testing methodologies, both of which rely on industry standard penetration testing techniques, but serve different objectives. We refer to these two methodologies as Breadth First Penetration Testing and Depth First Penetration Testing. Both of these penetration testing methodologies feature intensive manual effort by our penetration testers and apply to both internal and external penetration tests. We do not offer automated penetration testing. Here is a comparison of our two basic penetration testing methodologies:
Depth First Penetration Testing
This form of penetration testing is generally at least twice as expensive as Breadth First penetration testing. It is a thorough test, like Breadth First Testing but differs in that it pursues exploitation of discovered vulnerabilities to the fullest extent possible within the approved scope and budget. The focus of this kind of penetration test is to determine how deep into your network we can get. This kind of testing requires the use of tools and techniques which can expose systems and data to a higher level of stability and corruption risk. This type of testing focuses on depth, is substantially more time consuming than standard breadth first testing and is best suited for:
Standard Breadth First Penetration Testing
This is our high quality/low risk/low cost standard model. It is very thorough, but pursues exploitation of certain discovered vulnerabilities only to the point of demonstrating feasibility. Exploitation is not pursued at all if the vulnerability is manually determined to be valid and remediation is required by compliance mandate, or if, in our opinion, exploitation would jeopardize either full test coverage or the stability of the systems we are testing. We use the same highly qualified personnel and test coverage includes everything that we do in full exploit testing except exploits that expose systems or data to high risk. It is the most commonly used form of testing we provide and is best suited for:
Penetration Testing Reports
We have invested a lot of time in our penetration testing reports. They are designed to clearly communicate the scope and rules of engagement of the penetration test, tools and methods used in testing, clear remediation guidance, detailed finding reports and a context relevant severity rating system. The latter is especially important. One of the ways to easily identify a cheap, automated penetration test is the use of severity ratings that are simply copied from scanner output. Scanners are just software, and severity ratings from scanner output have very little context awareness or adjustment. The true severity of any vulnerability is dependant on the context in which it is found. Intelligent, trained human beings have no trouble identifying context.
The Final Penetration Testing Report
The final penetration testing report includes an executive summary, scope and rules of engagement sections, tools and methodolgy section, network and host configuration test coverage section, wireless, application and social engineering coverage (when in scope), a remediation guidance section and finding details section. We are happy to provide sample reports, just contact us and we will provide you with one.
Perimeter and DNS Analysis
This report details any discrepencies found in firewall rules, all open services discovered and DNS testing results. It is part of the main report for small penetration testing engagements, but is often provided as a seperate report on large engagements or engagements with many discovered services.
Individual Finding Reports
Finding reports may be thought of as mini reports, specifically related to a single finding. Link Mountain penetration testing final reports will include all finding reports, but we also take the time to provide each finding report as a seperate file. Why? Because it allows our clients to easily distribute the individual finding reports to the people who need them. It avoids the neccesity of copying and pasting data, or sending the entire final report with all of it's sensitive data to everyone who may need to work on just a part of it. For clients who outsource, and clients with many departments, it is a real time saver. Sounds simple and logical, but it is not something that everyone does. We think it's important and we always provide our finding reports consoldated together on the final report, and individually, as separate files.
This document is provided with each penetration test we perform. If you will be requesting a remediation penetration test from us, this document will speed things up considerably by informing us about what you want us to re-test and what steps you took in remediation. If you do not intend to retest, it is still advisable to retain a record of the remediation steps taken. The provided checklist can be used for that purpose. Again, this may sound simple and obvious, but it is surprising how many firms do not provide one with the final penetration testing report.
Public Penetration Testing Reports
It is becoming increasingly common for organizations to request evidence of penetration testing prior to purchasing software or outsourcing for software as a service. Our public penetration testing report is a document that states that we performed a penetration test for our client, states what we tested, when we tested, and further states that any faults identified were corrected. It does not include any sensitive data or list any faults that we may have found. It provides our clients with evidence of penetration testing, which can then be presented to any prospective purchaser or any other legitimate third party who may request it of them.
Penetration Testing FeesBest of all, we publish our penetration testing prices. For our current rate table, see Cost of Penetration Testing.
More questions? Contact us today, no pressure - just answers.
Use our contact form at the top of the page to get started.