1. Cloud Based Penetration Testing - Cloud computing is the shared responsibility of Cloud provider AWS, Azure, Google and clients who earn the service from the provider. Due to impact of the infrastructure, Penetration Testing is not allowed in SaaS Environment. Cloud Penetration Testing allowed in PaaS (Platform as a Service) and IaaS (Infrastructure as a Service) with some Required coordination.
2. External Penetration Testing - This type of pen test is the most common requirement for the pen testers. It aims to discover vulnerabilities and gaps in the network infrastructure of the clients. Since the network could have both internal and external access points, so it is mandatory to run tests locally at the client site and remotely from the outer world.
2. Internal Penetration Testing/Internal Security Assessment - This test follows a similar methodology to external testing, but provides a more complete view of the internal site’s security with no prior knowledge of the site (black box). Testing will typically be performed from a number of network access points, representing each logical and physical segment
3. Wireless Penetration testing - During a Wireless Attack and Penetration, Virtual
IT will take a wireless footprint of the target environment to identify all access points that belong to your organization. More importantly, the encryption types used across the wireless environment are determined at this time. Key targets are selected for attack. If unencrypted networks are observed, clear-text transmissions can be sniffed and reassembled in an attempt to identify user credentials and sensitive information.
4. Social Engineering Phishing (RansomeWare, CyrptoJacking & Email scams) – A social engineer security penetration test is an activity in which a test team uses the art of manipulating people into performing actions or divulging confidential information through means of phishing (Email scams) on CLIENT staff posing as a service person.
5. Social Engineering Voice Phishing (Vishing) - Browser Proxy Hijacking Vishing –This social engineer security penetration test is an activity in which a test team uses the art of manipulating people into performing actions or divulging confidential information through means of phishing vishing (voice) telephonic techniques on CLIENT staff posing as a service person.
6. A web application penetration testing provides an independent verification of the security status of an organization's web application(s). This test determines whether web-based applications present an exploitable risk to the organization. We will determine if vulnerabilities exist in an application by testing each interface to the application including server operating system, application platform, and database. Virtual IT will complete application penetration testing that includes Enumeration, Vulnerability Assessment, and Exploitation. We will attempt to exploit any identified vulnerability and misconfiguration, identification of prioritized remediation needs, requirements, and associated risk