Penetration Testing Services
Agio’s penetration testing experts evaluate the security of your IT assets from the vantage point of a malicious hacker. More targeted than vulnerability assessments, pen tests are designed around a specific goal – to access and compromise protected resources.
More than just a scan, our penetration tests are performed using both automated tools and manually by a team of talented security engineers who operate with the highest level of integrity and professionalism. We will show you what we did and how we did it – scanning for vulnerabilities, enumerating attack vectors, and running exploits. All of your results are provided in our reports. Then we recommend remediation such as software patches, configuration changes, and other fixes.
With the proliferation of software-as-a-service (SaaS) offerings, interconnected web applications, mobile apps, and APIs, a strong application security program in healthcare organizations is more important than ever.
Agio’s application assessment methodology is guided by the OWASP Top Ten Lists of web application and API vulnerabilities. To protect against data theft, ransomware, and other threats, continuous application security testing has become indispensable to ensuring security, confidentiality, and availability.
While sharing many of the potential vulnerabilities of web applications, mobile application penetration tests focus even more on client-side security, file systems, hardware, and connectivity. In recent years, mobile devises and apps have also emerged as frequent targets for phishing schemes and harmful malware.
Software Development Lifecycle Review (SDLC)
Software development life cycle frameworks define the process that organizations use to build applications from start to finish. It is invaluable to “build-in” security controls during the application development process by adhering to best practices, adding security reviews at each stage of development, and full testing prior to release.
Social Engineering Testing
People continue to be the least secure “endpoint” in most organizations. In fact, no matter how strong your security technology protections and compliance policy controls, no program can truly be effective without a “cyber aware” workforce. Here are some of the customized training, testing services and simulated attacks we offer:
The most frequent type of social engineering attack, phishing, is generally described as sending a fake email to a person, group, or company. Fake attachments or bogus links can infect computers and networks with dangerous viruses and malware.
Spear phishing is a more targeted phishing attack –often directed at senior level executives, corporate departments, or specific individuals within an organization.
Vishing attacks rely on phone calls, direct line, auto-dialers or may even involve infiltrating or imitating an interactive voice response (IVR) system.
Smishing refers to fake requests, messages, links or attachments sent by SMS text.
This involves a scripted scenario such as convincing the target to dial into a phony help desk/call center or login to an online meeting. Pretexting can also be used in person to gain access to a secure facility by using a fake ID, employee badge, etc.
Using digital devices giveaways (such as USB drives) infected with viruses, “call home” applets, or other malware.
Accepting the help of an authorized person to gain access to restricted area where sign-in, or other security checkpoint is present.
Open source intelligence gathers information (both publicly-available and dark web) on employees or executives to inform our social engineering campaigns and provide further protection for your organization.
Security Awareness Training
With onsite training and 24/7 access to a full library of courseware, we provide customized social engineering programs that enable you to test your employees in context and measure their results over time.