Pen Testing Overview

Nettitude bases its Penetration Testing methodology around the OSSTMM framework. The Open Source Security Testing Methodology Manual (OSSTMM) is an industry recognised approach to testing IT infrastructures. OSSTMM is based around 5 controls that test the following areas

• Information & Data Controls
• Personnel Security Awareness Levels
• Fraud & Social Engineering Control Levels
• Computer & Telecommunication networks
• Wireless Devices
• Mobile Devices
• Physical Security Access Controls
• Security Processes
• Physical Locations

Nettitude's team of CISSP and CEH Consultants are able to provide tests around all key elements of the OSSTMM.

Nettitude looks to provide 3 levels of documentation for all Penetration Testing engagements. We will look to provide a high level Management Document that addresses an organisation's security from a high level perspective. Nettitude will also provide a technical document that addresses each exposure that we identify and each instance that we compromise. This technical document will provide technical recommendation on how any organisation can improve their security posture moving forwards. Nettitude can also provide a compliance document on request. Where organisations are looking at PCI DSS, Sarbanes Oxley or ISO27001, Nettitude can audit an environment against these controls, and determine an appropriate pass or fail score card.

• Vuln: Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability
• Vuln: Microsoft Excel FNGROUPNAME Record Remote Code Execution Vulnerability
• Vuln: Squid Web Proxy Cache HTCP Request Processing Remote Denial of Service Vulnerability