Loptr’s cybersecurity testing covers basic and advanced requirements from network vulnerability scans to manual pen-testing to configuration audits. Loptr’s specialized firewall, password, and SaaS platform security reviews provide deep-dive testing that can help prevent real-world attacks.
SERVICE | DESCRIPTION |
Vulnerability scan, Internet | Scan of internet-facing information systems (e.g., servers and network devices) to identify vulnerabilities that could be exploited by an outside hacker |
Vulnerability scan, Internal Network(s) | Scan of internal information systems (e.g., servers, workstations, network devices, mobile devices, printers, and IoT devices) to identify vulnerabilities that could be exploited by a malicious insider or a hacker with access to an internal system or network |
Vulnerability Scan, Wireless Network | Scan of wireless corporate and guest network(s) to detect misconfigurations and vulnerabilities that could expose sensitive data or provide access to unauthorized outsiders |
Dynamic Web Application Security Test | Scan of web application(s) for software vulnerabilities, misconfigurations, missing patches, and exposed data |
Penetration Test, Internet | Network-targeted attacks on internet-facing infrastructure using automated and manual pen-testing techniques to identify and validate exploitable vulnerabilities using an iterative process (planning, discovery, analysis, attack) aligned with NIST SP 800-115 |
Penetration Test, Internal Network(s) | Network-targeted attacks, from the perspective of a bad actor with access to an internal system, using automated and manual pen-testing techniques to identify and validate exploitable vulnerabilities using an iterative process (planning, discovery, analysis, attack) aligned with NIST SP 800-115 |
Penetration Test, Facility | Intrusion tests of an organization’s facilities to identify points-of-access for unauthorized outsiders or unauthorized insiders that expose sensitive data and assets to disclosure or theft or present a risk to workforce safety |
Penetration Test, Wireless Network | Attacks aimed at publicly accessible, corporate or guest wireless networks to gain access to sensitive information, authentication credentials, or restricted networks |
Penetration Test, Web Application | Application-centered attacks, as a hacker and/or authorized users, to identify exploitable vulnerabilities that reveal sensitive data, allow privilege escalation, or expose connected platforms to attack |
Network Discovery | Probes (typically over a 1-week period) to detect and identify the devices (e.g., servers, workstations, network devices, mobile devices, printers, and IoT devices) connected to an organization’s network(s) to identify unauthorized devices and establish an up-to-date asset inventory |
Firewall Configuration Audit | Firewall configuration review (e.g., rules, features and settings, host hardening, patch management) to identify misconfigurations and vulnerabilities |
Password Cracking | Test of login credentials (i.e., password hashes) to identify weak passwords that could be easily guessed or cracked by attackers |
Asset Monitoring | Regular monitoring of operating system details (for Windows, macOS, and Linux systems) to identify misconfigurations, vulnerabilities, and indicators of compromise |
Enterprise OSINT/Dark Web Search | Deep-dive open source intelligence (OSINT) research to identify points of attack for social engineers (e.g., information about an organization, its workforce, partners, and key technologies) and assess the organization’s exposure to phishing, whaling, BEC, vishing, and other social engineering attacks |
Office 365 Security Audit | Identifying Office 365 misconfigurations, implementation gaps, and opportunities for improvement |
Google G Suite Security Audit | Identifying Google G Suite misconfigurations, implementation gaps, and opportunities for improvement |