Internal & External Penetration Testing

PriorityOne’s internal and external penetration testing services help your customers find areas of weakness in their technical environment.  Beyond vulnerability discovery, we will actively attempt to exploit any discovered weaknesses using real-world techniques such as privilege escalation, traffic sniffing, custom scripts, and exploitation toolkits.

The goal of internal/external penetration testing is to answer the question “how easily could a hacker access private data on my systems?”

PriorityOne carries out internal and external penetration testing according to the globally-recognized NIST SP-800 115 standard.  Phases of penetration testing are listed below.

  1. Establish rules of engagement

  2. Attack surface reconnaissance

  3. Exploitation

  4. Analysis and reporting

  5. Closeout meeting

Whether your customer is aiming to comply with a regulation or simply gain a better understand of the risk to their private data, our templated services are trusted and non-disruptive.

PriorityOne’s penetration testing services will help your customers comply with the following regulations.

  • PCI Requirement 11.3.1 & 11.3.2

  • New York State Department of Financial Services 23 NYCRR 500 §500.05(a)(1)

  • Gramm-Leach-Bliley Act §501(b)

  • Federal Trade Commission 16 CFR Part 314 §314.4