Penetration Testing Services
Demonstrate Real-World Risk
The best way to know how intruders will actually approach your network is to simulate an attack under controlled conditions. Our Penetration Testing Services team delivers network, application, wireless, and social engineering engagements to demonstrate the security level of your organization's key systems and infrastructure. This simulation of real-world attack vectors documents actual risks posed to your company from the perspective of a motivated attacker.
The post-assessment analysis presents logical groupings of one or more security issues with common causes and resolutions as a finding, which allows Rapid7 to quantify and prioritize the business risk to an organization. An actionable findings matrix can be used as an overarching workflow plan that can be tracked within the security organization. This plan is intended to assist the remediation team in prioritizing and tracking the remediation effort; consequently, each finding has been categorized according to its relative risk level and also contains a rating as to the amount of work and resources required in order to address the finding. Each finding also contains hyperlinked references to resources and provides detailed remediation information.
Understand Real-World Risks
Rapid7 conduct penetration tests from inside and outside your network to identify risks and help you to prioritize remediation. Types of penetration tests include:
- Internal and external network penetration tests
- Web and mobile application penetration tests
- Wireless penetration tests
- Social engineering security testing (physical and electronic)
Our customized services approach also supports boutique engagements aligned with specific objectives or technologies. Services may include:
- Code Review
- Distributed denial of service (DDoS) testing
- Malware analysis
- Embedded device penetration testing
- Technology and platform-specific penetration testing
- Other customized and threat-focused penetration testing
Customers pursue penetration tests for a number of reasons including meeting compliance requirements such as PCI, complying with best practices such as OWASP, and ensuring that they meet contractual requirements. The Rapid7 security assessment contains detailed remediation information and prioritized recommendations on which to pursue first.
Rapid7 penetration testing teams are renowned experts who conduct over 500 penetration tests per year. Team members are security experts who are frequently asked to present at leading industry conferences including BlackHat and Defcon. Rapid7 encourages penetration testers to pursue their own research and penetration testing team members are able to leverage the expertise of Rapid7 Labs.