Cybersecurity Testing

Loptr’s cybersecurity testing covers basic and advanced requirements from network vulnerability scans to manual pen-testing to configuration audits. Loptr’s specialized firewall, password, and SaaS platform security reviews provide deep-dive testing that can help prevent real-world attacks.

SERVICEDESCRIPTION
Vulnerability scan, InternetScan of internet-facing information systems (e.g., servers and network devices) to identify vulnerabilities that could be exploited by an outside hacker
Vulnerability scan, Internal Network(s)Scan of internal information systems (e.g., servers, workstations, network devices, mobile devices, printers, and IoT devices) to identify vulnerabilities that could be exploited by a malicious insider or a hacker with access to an internal system or network
Vulnerability Scan, Wireless NetworkScan of wireless corporate and guest network(s) to detect misconfigurations and vulnerabilities that could expose sensitive data or provide access to unauthorized outsiders
Dynamic Web Application Security TestScan of web application(s) for software vulnerabilities, misconfigurations, missing patches, and exposed data
Penetration Test, InternetNetwork-targeted attacks on internet-facing infrastructure using automated and manual pen-testing techniques to identify and validate exploitable vulnerabilities using an iterative process (planning, discovery, analysis, attack) aligned with NIST SP 800-115
Penetration Test, Internal Network(s)Network-targeted attacks, from the perspective of a bad actor with access to an internal system, using automated and manual pen-testing techniques to identify and validate exploitable vulnerabilities using an iterative process (planning, discovery, analysis, attack) aligned with NIST SP 800-115
Penetration Test, FacilityIntrusion tests of an organization’s facilities to identify points-of-access for unauthorized outsiders or unauthorized insiders that expose sensitive data and assets to disclosure or theft or present a risk to workforce safety
Penetration Test, Wireless NetworkAttacks aimed at publicly accessible, corporate or guest wireless networks to gain access to sensitive information, authentication credentials, or restricted networks
Penetration Test, Web ApplicationApplication-centered attacks, as a hacker and/or authorized users, to identify exploitable vulnerabilities that reveal sensitive data, allow privilege escalation, or expose connected platforms to attack
Network DiscoveryProbes (typically over a 1-week period) to detect and identify the devices (e.g., servers, workstations, network devices, mobile devices, printers, and IoT devices) connected to an organization’s network(s) to identify unauthorized devices and establish an up-to-date asset inventory
Firewall Configuration AuditFirewall configuration review (e.g., rules, features and settings, host hardening, patch management) to identify misconfigurations and vulnerabilities
Password CrackingTest of login credentials (i.e., password hashes) to identify weak passwords that could be easily guessed or cracked by attackers
Asset MonitoringRegular monitoring of operating system details (for Windows, macOS, and Linux systems) to identify misconfigurations, vulnerabilities, and indicators of compromise
Enterprise OSINT/Dark Web SearchDeep-dive open source intelligence (OSINT) research to identify points of attack for social engineers (e.g., information about an organization, its workforce, partners, and key technologies) and assess the organization’s exposure to phishing, whaling, BEC, vishing, and other social engineering attacks
Office 365 Security AuditIdentifying Office 365 misconfigurations, implementation gaps, and opportunities for improvement
Google G Suite Security AuditIdentifying Google G Suite misconfigurations, implementation gaps, and opportunities for improvement
UA-58917887-1