HSC - Services - Penetration tests

Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet

You are here: Home > Services > Penetration tests

Go to: HSC Trainings

Services

			Skills & Expertise
			Consulting
			ISO 27001 services
			Audit & Assessment
			Penetration tests
			Vunerability assessment (TSAR)
			Forensics
			ARJEL
			Training courses
			E-learning

Conferences

			Agenda
			Past events
			Tutorials

Resources

			Thematic index
			Tips
			Lectures
			Courses
			Articles
			Tools (download)
			Vulnerability watch

Company

			Hervé Schauer
			Team
			Job opportunities
			Credentials
			History
			Partnerships
			Associations

Press and
communication

			HSC Newsletter
			Press review
			Press releases
			Publications

Contacts

			How to reach us
			Specific inquiries
			Directions to our office
			Hotels near our office


		Penetration tests


	See also... Audit & Assessment Vunerability assessment (TSAR) HSC ethical and deontological guidelines HSC Newsletter How to request an intervention Theme penetration tests

HSC's traditional penetration tests are a very technical service which aims at compromising, from outside, the security of your information system, thanks to "human intelligence".

This service can have several goals:

Prove that the installed security system is inadequate and can be bypassed. This could help managers or IT persons in your company feel implicated.
Put into test the security of an environment and qualify its resistance to a certain level of attack. This is a qualification at moment T of the resistance level, and allows to check that a malicious external attacker can not easily penetrate your information system.
In addition to a security audit : a penetration test can reveal security problems caused by some inconsistency between elements. Complex interactions are sometimes difficult to apprehend during an audit which focus on architecture, IP filtering, operating systems, web servers, and applications, one by one.

The HSC Offer

HSC proposes two types of penetration tests:

The classical penetration test : to guarantee good results, we recommend not to go over 5 sets of web servers, applications, and related back-office.
The application penetration test, to test a web server, applications, and related back-office.

Each penetration test report re-examines every conducted operation, and allows to replay the tests. Every encountered problem is enumerated, with their criticity level, their exploitation feasibility, and our recommendations about fixes to bring. A paragraph suggests an executive summary, understandable by a non-technical management staff.

A meeting to present the results is recommended when the report is large, to help the interested people to understand the various issues.

Why choose HSC ?

Such a service requires a high technical expertise level, in order to produce a credible result. The HSC agency was one of the first to provide this kind of service in France (cf. talk of 1996 ). Its technical team is familiar with even the latest attack techniques, with a strong experience in software and applications audits, as well as programming languages. Security flaws are mostly situated at the application level.

HSC also runs a vulnerability monitoring service which allows to remain up-to-date about the latest vulnerabilities.

Furthermore, HSC penetration testing methodology is based on over ten years of expertise in the field, supplemented by methodologies such as open OWASP and OSSTMM.

Finally, deontology is a key element which should guide your choice. HSC has been carrying out exhaustive and confidential penetration tests since 1995, to the greatest satisfaction of its customers.