Ethical Hacking Services

Why test your security?

According to a report by Cyvelliance, more than half of all malicious attacks delivered via the Web go undetected by anti-virus software. This is costing organizations millions of dollars in business loss; with the most damaging attacks taking the form of viruses, unauthorized access and theft of proprietary information.

NetWorks Group’s Ethical Hacking (EH) Service is the most effective way to test a security system on behalf of its owners by uncovering vulnerabilities that could be exploited by a malicious hacker. The methods utilized in Ethical Hacking are similar to malicious hacking but have a different objective. Instead of exploiting problems to harm the owners; problems are discovered and reported so that they can be fixed before a breach occurs.

Our approach to security testing 

NetWorks Group utilizes a proven methodology for testing the security controls in place. Whether it’s Web-facing mission critical applications, network infrastructure or the wireless network. Testing is tailored to the client’s specific needs and can be performed internally or externally; from a focused drill-down on a particular aspect of the environment to an outside stealth approach.

Our Ethical Hacking Service is performed by a dedicated team consisting of highly-skilled, focused and experienced security consultants. We’re familiar with current attack methods and techniques used to exploit system, network, web application, and modem vulnerabilities. Through our continued research and experience, we are continuously adding to our intrusion testing techniques. We test for over 25,000+ known vulnerabilities, logic flow problems, and other risks. Not all vulnerabilities fall under the category of a specific published vulnerability. Accordingly, we employ a proprietary library of manual tests and custom developed tools that are used to check for hard-to-find vulnerabilities, as well as the finest commercial and public domain tools.

No false positives

Many of our clients have told us that security assessment reports that have received from other security firms or tools they have run themselves contained false positives (vulnerability is reported where none really exists).  Inaccurate findings create more work for you and your team.  False positives also undermine confidence in the overall report.  NetWorks Group's methodology ensures that our findings reports never contain false positives.

Our Methodology

NetWorks Group has a proven repeatable process to ensure that you will receive accurate, actionable findings that are prioritized and fully explained to all stakeholders.

  • Discovery
  • Vulnerability Scan
  • Verification and manual testing
  • Exploit
  • Findings Reported
  • Heavy emphasis on deliverables
  • Clear and accurate information conveyed on both a technical and business level.
  • Project Management and constant clear communications throughout the engagement

Our People

  • Dedicated Ethical Hacking Team based in Washington DC area
  • Average Experience of 10 years in IT Security
  • Department of Defense Top Secret Clearances
  • Industry Certifications
    • Certified Information Systems Security Practitioner (CISSP)
    • Qualified Security Assessor (QSA)
    • Certified Information Security Auditor (CISA)
    • National Security Agency INFOSEC Assessment and Evaluation Methodology (NSA IAM/IEM)
    • Certified Ethical Hackers (CEH)
    • Various Vendor Certifications

Project Flow

  • Kick Off Meeting
    • Verify active scan times to minimize disruption
    • Establish a critical contact path between IT staff and NWG personnel
    • Address all IT concerns prior to start of the Ethical Hacking engagement
  • Daily Status Reports
    • These are interim findings reports
    • Critical findings are communicated immediately to the designated point of contact
    • Many clients have told us these reports exceed their expectations for final deliverables
  • Risk Classification Findings
    • We use a proven, easy to understand methodology to prioritize all findings.
  • Executive Presentation Of Findings
    • Reports are presented, typically in person, and explained to both technical and executive audiences

Summary of Benefits

  • Accurate point in time picture of your vulnerabilities and the potential impact on your organization
  • Clear guidance for remediation
  • Deliverables
    • Daily Reports
    • Summary of Findings
    • Technical Description of Findings
    • Prioritized Recommendations
    • Executive Summary