Wildcard security assessment services provide penetration testing to its customers that give in-depth insight on how an attacker would use a sophisticated chain of techniques to exploit an information system. We simulate real world techniques to breach your systems and processes so that you will be better able to position yourself to detect and defend against a malicious actor in the future.
Our penetration testing methodology is efficient and repeatable due to our foundation in the Penetration Testing Execution Standard and Open Source Security Testing Methodology Manual. Our methodology provides our customers with the maximum value of its assessment by appropriately scoping the engagement and making certain we meet your expectations.
The Wildcard methodology is to approach each assessment as a partnership with its customer. We will not only discover flaws but we will work with you as advisors to resolve issues and to minimize your attack surface. Each assessment will provide you with knowledge on how you will be attacked, the extent of the impact, and what it would take to eliminate the vulnerability.
Internal/External Network Penetration Test
Wildcard engineers conduct penetration tests from external and internal networks. Attacks simulate real-world network attacks launched by an adversary. The tests validate the efficiency of your current defensive mechanisms while identifying any vulnerabilities or inadequacies.
Wildcard wireless assessments test the security controls associated with your wireless network. We examine the resiliency of access points, the integrity of signals, authentication mechanisms, and encryption protocols are to determine the strength of your wireless security posture. Wildcard’s expertise discovers vulnerabilities that may not typically be known or understood.
Web Application Assessment
Our web application assessments utilize the Open Web Application Security Project (OWASP) framework to determine the security stance of a web application. When we conduct black box assessments of web applications we test the controls around unauthenticated and authenticated sessions to exploit the application.
Wildcard conducts security reviews of your application code as a one-off project or as continuous integration into your Software Development Lifecycle (SDLC). A code review is the most effective way to determine if the software has issues that could be exploited by an attacker. This process identifies vulnerabilities created by application flaws.
The end user is often the weakest link in an organization’s information security and is commonly the initial attack vector. The majority of breaches begin with compromising end users. Our phishing campaign will test your users, the effectiveness of your security training program, and anti-phishing technologies you have in place. Learn more about what Phishing is and how it can impact you here.
Wildcard uses the same methodologies to conduct an assessment of Industrial Control Systems (ICS). Wildcard evaluates the security of systems, process and physical controls to assess the security of these sensitive systems. Wildcard also assesses the security of the software controlling the SCADA/ICS to determine the security of protocols and access controls.
For organizations that do not have a full-time Chief Information Security Officer (CISO) on staff, we offer a virtual CISO to help draft policy and procedures to provide governance over your information security program. This is meant to make sure organizations meet compliance objectives as well as security best practices. We will help strategically align information security with organizational objectives.
Wildcard conducts audits of your systems to determine if you are in compliance (HIPAA/FISMA) or if you are following the current industry best practices. We will evaluate configurations, policy, and procedures across in-scope systems to determine if they are in line with the organization’s IT governance.
Learn more about our Audit Process here.
Wildcard specializes in investigating intrusions performed by malicious actors. We have developed expertise and intelligence that enables its consultants to identify the actions of the attacker, the scope of the compromise and what data was lost. We have a repeatable framework in place to quickly identify the presence of an attacker and remove them to re-establish a secure network.
Learn more about the stages of incident response here.