Network Penetration Testing

SIEM & Log Management
December 9, 2013
Network Architecture Review
December 11, 2013

Our expertise and past experience in penetration testing makes us trusted penetration testing partner. By utlizing our penetration testing services, an organization can baseline its current security posture, identify threats and weaknesses, and start implementing remediation strategies. By identifying risk exposures and highlighting what resources are needed to correct them, we provide not only the basis for a security action plan, but also the compelling events, due diligence and partner interface protocols necessary to establish information security as a key corporate initiative. Torrid’s penetration testing services provide the best information security portfolio to its clients using its intellectual capital and expertise.

A penetration test offers an invaluable and compelling way to establish a baseline assessment of security as seen from outside the boundaries of the organization’s network. More importantly, we provide a blueprint for remediation in order to start or enhance a comprehensive information protection strategy.

Penetration Testing Approach and Process

Penetration testing simulates covert and hostile network attack activities in order to identify specific exploitable vulnerabilities and to expose potential entryways to vital or sensitive data that, if discovered and misused by a malicious individual, could pose increased risk and liability to the organization, its executives and shareholders. Our qualified security consultants perform penetration tests attempt to gain access to online assets and company resources through the network, servers and desktops, from either the internal or external perspective, much like an intruder would. These results clearly articulate security issues and recommendations and create a compelling event for the entire management team to support a security program.

At Torrid Networks, our penetration testing services provide a more complete view of the IT infrastructure security. Testing is performed from a number of network access points, representing each logical and physical segment. Penetration testing is conducted with the help of automated scanners, custom scripts followed by in-depth manual security testing against various network components. We follow time proven industry standard procedures towards penetration testing as follows highlighted below:


Our assessment covers full range of the threat spectrum, from the presence of an antivirus engine to the presence of malicious code to vulnerabilities that might enable denial of service and other sophisticated attacks. We follow robust methodologies, use products that carries the most up to-date vulnerability research available, and they must possess creative instincts to manipulate the tools in both typical and unconventional ways. Finally we deliver clear, unambiguous results that address both the technical and business objectives of the client.

Penetration Testing Benefits

  1. Identify the threats facing your organization’s information assets so that you can quantify your information risk and provide adequate information security expenditure.
  2. Reduce your organization’s IT security costs and provide a better return on IT security investment (ROSI) by identifying and resolving vulnerabilities and weaknesses. These may be known vulnerabilities in the underlying technologies or weakness in the design or implementation.
  3. Provide your organization with assurance – a thorough and comprehensive assessment of organizational security covering policy, procedure, design and implementation.
  4. Gain and maintain certification to an industry regulation (ISO 27001, HIPAA, PCI, etc.).
  5. Adopt best practices by conforming to legal and industry regulations.

Penetration Testing Deliverable

1. Management Report

A high-level executive summary report highlighting the key risk areas and the impact from successful exploitation of vulnerabilities

2. Technical Vulnerability Report

A detailed report about security issues discovered, CVE, Bugtraq and vendor references for these, recommendation to address these issues.

3. Best Practices Document

Guidelines based on industry standards and regulations for compliance with IT standards and best practices.