Vulnerability scans : This is an entry-level approach that scans your environment for known vulnerabilities in hardware and software, one of the most common entry points for an attacker. If you have not done a pentest before, start here!

OWASP Application Security Verification Standard (ASVS) Assessments : Take the guesswork out of pentests by applying an industry-standard level of rigor and process. Level 2 assessments include different depths of architecture and code review to ensure complete coverage of your application.

Level 1 is a strong base meant for lower-risk applications.

Level 2 is for applications that contain sensitive data (financial, health data, personal information), which requires more protection.

Level 3 is for the most critical application – applications that perform high value transactions contain extremely sensitive data or any applications that require the highest level of trust.

Pentests : A full pentest typically includes manual, hand crafted attack techniques as well as automated scans using both commercial and custom developed pentest tools. Full pentests are a more realistic simulation of the activities of a more sophisticated attacker.

Black Box Pentest : Testers ethically attack a system that they have no prior knowledge and interaction with the system. Testers only get to the external user interface. This testing method identifies vulnerabilities in a system that are exploitable from outside the network.

Gray Box Pentest : Testers have access and knowledge levels of a system user. This testing method provides more in-depth assessment on the system and identifies the greatest risks and countermeasures.

White Box Pentest : A sophisticated type of testing that testers act as an internal user with full access to the operation and architecture of the system. This pentest type takes the longest time to complete. It provides a comprehensive assessment of both internal and external vulnerabilities.

Social Engineering Pentest : A type of testing that manipulates staff of a business to disclose sensitive information that is valuable for a future attack. It can be taken place online and offline. This testing method provides an understanding of staff awareness of security issues.

Physical Pentest : Testers attempt to compromise a business’ physical barriers to gain access to employees, systems, and IT assets. This testing method exposes the weaknesses of physical controls, including, locks, cameras, or sensors.