Penetration Testing

We perform penetration testing on legacy systems, modern architecture, and cloud-hosted systems to identify and resolve critical vulnerabilities before they are exploited.


We perform internal or external, open box or closed box penetration and network segmentation testing in real time to uncover critical risks to your organization before they are exploited. Our security engineers identify threats to your key assets and critical infrastructure that may be at risk and assess how well your assets are protected.


Penetration Testing by Security Engineers


Network Penetration Test

Our security engineers perform an assessment of your on-prem or cloud infrastructure, assets, configurations, applications, and services. Using a combination of automated compliance tools and manual analysis, we will provide a detailed report along with recommendations for improving network security configuration. Our network security assessments include the following touchpoints:


  • Attack surface analysis
  • Enumeration of discoverable ports, services and applications
  • Automated and manual vulnerability identification
  • Privilege escalation and exploitation
  • Incident response control validation
  • Investigate compromised data and user accounts


Application Penetration Test

Our security engineers perform an assessment of your proprietary and third-party desktop applications, mobile applications, APIs and configurations. Using a combination of automated compliance tools, static analysis, and manual analysis, we will provide a detailed report along with recommendations for improving and protecting your application. Our application security assessments include the following touchpoints:


  • Common developer mistakes such as OWASP Top 10
  • Supply chain vulnerabilities in open source packages and third party libraries
  • Investigate compromised or leaked intellectual property and data
  • Business logic and functional flaws
  • Architectural design flaws
  • Data encryption and cryptography flaws
  • Misconfigurations during development or deployment
  • Defense-in-depth control validation
  • Session management flaws
  • Authentication and authorization flaws


Conducting a Penetration Test

Our penetration tests include details on how vulnerabilities are identified, reproduction steps, potential risks and resolution recommendations. Our engineers' methodology consists of information gathering, vulnerability discovery and exploitation.

To kick off a penetration test, our team works with our clients on the following:

  • Questionnaire identifying project scope
  • Alignment of goals between Puma Security and client
  • Establish acceptable milestones
  • Conduct assessment reviews on-premise or via conference call
  • Determine remediation steps and timelines


Our team can also help fix the vulnerabilities through our Remediation service.


Compliance

Businesses operating in regulated industries such as financial, insurance and government must address regulatory compliance as resources are moved to the cloud.


Our team helps organizations stay compliant with existing regulations and corporate policies in testing. Do you have questions or concerns about meeting regulatory compliance testing requirements, such as PCI? Contact us to learn more.

