Penetration testing is the next logical extension from vulnerability testing. While vulnerability testing is primarily tool-based and automated, penetration testing is very manual and hands-on.

CynergisTek can perform:

  • Crystal Box Penetration Testing

    Knowing significant information about the target environment, architecture, and/or applications to be tested – usually with coaching from the target around exactly what their goals and potential vulnerabilities should be – is the primary focus of this type of penetration testing.

  • Gray Box Penetration Testing

    Knowing some amount of information about the target environment, architecture, and/or applications to be tested. This type of penetration testing usually includes some coaching from the target as to goals but without any specific information about suspected potential vulnerabilities. This level is also very collaborative in nature and often evolves into more targeted testing around specific focus areas after an initial phase of minimal information testing.

  • Black Box Penetration Testing

    Knowing no information about the target environment, architecture, and/or applications to be tested. This type of penetration testing is initiated completely blind and requires the tester to start from scratch to determine both target assets as well as potential vulnerabilities.

CynergisTek recommends that organizations start with crystal or gray box penetration testing, based on the fact that we feel it is the most cost-effective approach to penetration testing. This approach also provides a far more realistic end result to what the organization would actually experience over time from anonymous hacking sources, since anonymous Internet-based threat vectors enjoy three luxuries that penetration testing consultants don’t:

  • Unlimited time
  • Unlimited motivation
  • Unlimited resources

To be respectful of an organization’s budget, we believe that crystal or gray box penetration testing methodologies offer the best value for our clients and provide the most realistic output for any given engagement.

CynergisTek utilizes a blended framework to achieve our penetration testing results (regardless of the approach/methodology):

  • Network mapping
  • Vulnerability Assessment
  • Vulnerability exploitation
  • Unauthorized access
  • Privilege escalation
Ask An Expert

Learn more about our penetration testing service.

Speak to one of our experts today.
Ask An Expert