Now more than ever, cybersecurity should be at the forefront of any organization's priorities. The "new normal" has seen hundreds of thousands of employees begin working from home. That relatively new dynamic is one attackers are taking advantage of to breach and bypass normal security practices: companies have relaxed controls to accommodate remote workers, often without recognizing the associated risk.
We navigate this risk-based environment every day. Encyphr keeps organizations safe from bad actors through comprehensive cybersecurity and penetration testing services.
Comprehensive auditing of WordPress sites. We look for exploitable weaknesses in your site, its plugins and themes, and the underlying installation.
Security scanning to ensure your remote workforce is secure. We are committed to reducing the attack surface your remote users expose.
Testing that meets or exceeds the requirements of established regulatory standards, including PCI DSS, FISMA, MARS-E, HIPAA, and others.
We test policies, plans, assumptions, and systems. It is a simulation that shows how well your company can handle a real attack.
We pose as a trusted partner, attempt to extract sensitive details from unsuspecting employees, and document what was obtained and how.
We safely look for ways to compromise your IT infrastructure. Findings are then aggregated and presented with remediation guidance.
How does penetration testing differ from a vulnerability scan?
The differences between penetration testing and vulnerability scanning still cause some confusion within the industry. The following summary clarifies the distinction; the cadences given are the minimums PCI DSS requires and should be treated as a floor, not a target.
Purpose
Vulnerability scan: Identify, rank, and report vulnerabilities that, if exploited, may result in an intentional or unintentional compromise of a system.
Penetration test: Identify ways to exploit vulnerabilities to circumvent or defeat the security features of system components.
When
Vulnerability scan: At least quarterly, and after significant changes.
Penetration test: At least annually, and after significant changes.
How
Vulnerability scan: Typically a variety of automated tools, combined with manual verification of the issues identified.
Penetration test: A manual process that may include vulnerability scanning or other automated tools, resulting in a comprehensive report.
Duration
Vulnerability scan: Relatively short, typically several minutes to an hour per scanned host.
Penetration test: Engagements may last days or weeks depending on the scope of the test and the size of the environment. Tests may grow in time and complexity if the work uncovers additional scope.
Testing certifications
Our testers hold one or more of the following certifications:
- Certified Ethical Hacker (CEH)
- Global Information Assurance Certification (GIAC) certifications, e.g. GIAC Certified Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), or GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- CREST penetration testing certifications
- Communications-Electronics Security Group (CESG, now part of the UK NCSC) IT Health Check Service (CHECK) certification
Terminology
The following terms are used throughout this website and our documents:
- Penetration tester, tester, or team: The individual(s) conducting the penetration test for the entity. They may be a resource internal or external to the entity.
- Application-layer testing: Testing that typically includes websites, web applications, thick clients, or other applications.
- Network-layer testing: Testing that typically includes external/internal testing of networks (LANs/VLANs), of the links between interconnected systems, and of wireless networks, as well as social engineering.
- White-box testing: Testing performed with knowledge of the internal structure/design/implementation of the object being tested.
- Grey-box testing: Testing performed with partial knowledge of the internal structure/design/implementation of the object being tested.
- Black-box testing: Testing performed without prior knowledge of the internal structure/design/implementation of the object being tested.
- National Vulnerability Database (NVD): The U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g., FISMA).
- Common Vulnerability Scoring System (CVSS): Provides an open framework for communicating the characteristics and impacts of IT vulnerabilities.