Penetration Testing

Penetration Testing and Technical Control Assessment

NTT Security Penetration Testing (Pen Testing) and Technical Control Assessment services provide a comprehensive test of technical security controls, examining network and application layers, internally-developed or commercial applications, wireless access implementations and device configurations.

Standards-Based Methodologies

Standards-based (including NIST and OWASP) methodologies are designed to measure compliance with relevant audit and regulatory requirements, including all testing requirements set by the Payment Card Industry Data Security Standard (PCI DSS).

In-Depth Manual Testing with Proven Expertise

Beyond compliance, expert NTT Security consultants perform in-depth manual testing, complemented by a broad array of tools to provide a complete review of the client’s environments. This detailed security review helps to detect and remediate vulnerabilities in the environment, leading to improved security posture.

NTT Security pen testing consultants have years of experience performing penetration tests on a variety of environments. Having performed thousands of successful penetration assessments, NTT Security methodologies are also proven to greatly reduce the harmful impact of pen testing on client systems.

Client-Customized Assessments

Each engagement begins with a detailed review of the client’s security requirements and objectives. Experienced NTT Security consultants then customize each assessment, with an understanding of the client’s business risks and likely attack vectors, based on NTT Security global research capabilities.

Services include:

  • Network/Infrastructure Security Controls Testing
  • External Penetration Assessment
  • Internal Penetration Assessment
  • Internal Vulnerability Scanning
  • PCI Data Security Standard Segmentation Testing – Network Ingress and Egress Testing
  • Wireless Security Assessment
  • Remediation Support and Validation Testing Services
  • Application Security Controls Testing
  • Application Penetration Assessment
  • Application Vulnerability Assessment
  • Application Vulnerability Scanning
  • Mobile Application Penetration Assessment
  • Remediation Support and Validation Testing Services 
  • Application Security Architecture Review
  • Device (Server/Workstation) Penetration Assessment – Hardening Review
  • Red Team Assessment  (Multi-Vector Attack Simulation)
  • Security Device Configuration Review

Real-World Examples of Attacker Tactics

Throughout the assessment, NTT Security identifies separate individual vulnerabilities. These vulnerabilities alone may not indicate a significant security risk, but when combined or followed sequentially by an attacker, they can comprise a more significant security risk.

This type of testing and analysis provides clients with real-world examples of how malicious actors could potentially attack their environment and can highlight how apparently low-risk vulnerabilities may be used in conjunction with other vulnerabilities to pose a significant risk to the client environment.  

Proven and Sustainable Remediation Recommendations

At the conclusion of testing, NTT Security performs root-cause analysis, searching for remediation actions that can resolve multiple vulnerabilities at once. NTT Security consultants also report proven and sustainable remediation recommendations and can provide validation testing that identified vulnerabilities were eliminated, if required.