Physical Penetration Testing

The primary objective for a physical penetration test is to measure the strength of existing physical security controls and uncover their weaknesses before bad actors are able to discover and exploit them.

Overview

The primary objective for a physical penetration test is to measure the strength of existing physical security controls and uncover their weaknesses before bad actors are able to discover and exploit them. Physical penetration testing, or physical intrusion testing, will reveal real-world opportunities for malicious insiders or bad actors to be able to compromise physical barriers (ie: locks, sensors, cameras, mantraps) in such a way that allows for unauthorized physical access to sensitive areas leading up to data breaches and system/network compromise.
This type of test is an attack simulation carried out by our highly trained security consultants in an effort to:
Identify physical security control flaws present in the environment
Understand the level of real-world risk for your organization
Help address and fix identified physical security flaws
ASC’s physical penetration testers have experience infiltrating some of the most secure environments the same way bad guys would. They leverage this experience to zero in on critical issues and provide actionable remediation guidance.

Approach

ASC’s web application penetration testing service utilizes a comprehensive, risk-based approach to manually identify critical application-centric vulnerabilities that exist on all in-scope applications.
1. Information Gathering
2. Threat Modeling
3. Vulnerability Analysis
4. Exploitation
5. Post-Exploitation
6. Reporting
Using this industry-standard approach, ASC’s comprehensive method involves the OSSTMM and a proprietary approach developed through the years that includes, but not limited to: Passive Reconnaissance, Open Source Intelligence (OSINT), Active Reconnaissance (drones, onsite covert observation), Vulnerability Identification, Exploitation, Post-Exploitation and more.

Tools

In order to perform a comprehensive real-world assessment, ASC utilizes commercial tools, internally developed tools and the same tools that bad actor might use on each and every assessment. Once again, our intent is to assess systems by simulating a real-world attack and we leverage the many tools at our disposal to effectively carry out that task.

Reporting

We consider the reporting phase to mark the beginning of our relationship. ASC strives to provide the best possible customer experience and service. As a result, our report makes up only a small part of our deliverable. We provide clients with an online remediation knowledge base, dedicated remediation staff and ticketing system to close the ever important gap in the remediation process following the reporting phase.
We exist to not only find vulnerabilities, but also to fix them.