Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
Text mode: access to the page content
Hervé Schauer Consultants
You are here: Home > Services > Penetration tests
Go to: HSC Trainings
Télécharger le catalogue des formations
Version française
o Skills & Expertise
o Consulting
o ISO 27001 services
o Audit & Assessment
o Penetration tests
o Vunerability assessment (TSAR)
o Forensics
o Training courses
o E-learning
o Agenda
o Past events
o Tutorials
o Thematic index
o Tips
o Lectures
o Courses
o Articles
o Tools (download)
o Vulnerability watch
o Hervé Schauer
o Team
o Job opportunities
o Credentials
o History
o Partnerships
o Associations
   Press and
o HSC Newsletter
o Bulletin juridique HSC
o Press review
o How to reach us
o Specific inquiries
o Directions to our office
o Hotels near our office
|>|Penetration tests  
blah Services
See also...
o Audit & Assessment
o Vunerability assessment (TSAR)
o HSC ethical and deontological guidelines
o HSC Newsletter
o How to request an intervention
o Theme penetration tests
HSC's traditional penetration tests are a very technical service which aims at compromising, from outside, the security of your information system, thanks to "human intelligence".

This service can have several goals:

  • Prove that the installed security system is inadequate and can be bypassed. This could help managers or IT persons in your company feel implicated.
  • Put into test the security of an environment and qualify its resistance to a certain level of attack. This is a qualification at moment T of the resistance level, and allows to check that a malicious external attacker can not easily penetrate your information system.
  • In addition to a security audit : a penetration test can reveal security problems caused by some inconsistency between elements. Complex interactions are sometimes difficult to apprehend during an audit which focus on architecture, IP filtering, operating systems, web servers, and applications, one by one.

The HSC Offer

HSC proposes three types of penetration tests:

  1. The classical penetration test : to guarantee good results, we recommend not to go over 5 sets of web servers, applications, and related back-office.
  2. The application penetration test, to test a web server, applications, and related back-office.
  3. Red Team exercises.

Each penetration test report re-examines every conducted operation, and allows to replay the tests. Every encountered problem is enumerated, with their criticity level, their exploitation feasibility, and our recommendations about fixes to bring. A paragraph suggests an executive summary, understandable by a non-technical management staff.

A meeting to present the results is recommended when the report is large, to help the interested people to understand the various issues.

Why choose HSC ?

Such a service requires a high technical expertise level, in order to produce a credible result. The HSC agency was one of the first to provide this kind of service in France (cf. talk of 1996 ). Its technical team is familiar with even the latest attack techniques, with a strong experience in software and applications audits, as well as programming languages. Security flaws are mostly situated at the application level.

HSC also runs a vulnerability monitoring service which allows to remain up-to-date about the latest vulnerabilities.

Furthermore, HSC penetration testing methodology is based on over ten years of expertise in the field, supplemented by methodologies such as open OWASP and OSSTMM.

Finally, deontology is a key element which should guide your choice. HSC has been carrying out exhaustive and confidential penetration tests since 1995, to the greatest satisfaction of its customers.

Last modified on 17 September 2012 at 10:23:02 CET - webmaster@hsc.fr
Mentions légales - Information on this server - © 1989-2013 Hervé Schauer Consultants