Test Your Environment to Prevent Security Incidents

During these assessments, CDW’s penetration testers play the role of real-world attackers by targeting your critical information assets. While some vendors rely primarily on automated vulnerability scanning, CDW’s expert team also incorporates their comprehensive understanding of business networks and systems during their manual testing to provide a more holistic testing approach. 

Application penetration testing from CDW can identify and help you understand your risk of exposure in your applications. This testing will uncover security vulnerabilities to better understand your security posture and test your readiness to withstand and respond to real-world cyberattacks.

The manual-based approach by our knowledgeable professionals can help protect your sensitive information and assets by:

• Working with our team to develop a custom scope that takes into account the security needs and requirements of your organization
• Identifying critical application weaknesses through an in-depth, manual-based testing methodology
• Demonstrate how vulnerabilities would be exploited by actual threat actors to compromise asset and user security
• Provide recommendations regarding remediation strategies and timelines, allowing your organization to focus on the most critical risks first

CDW’s application penetration testing services consist of:

• Web applications
• Application Programming Interface (API) endpoints
• Mobile applications – iOS and Android
• Thick client applications

CDW’s penetration testing team will simulate the techniques and tradecraft of real-world cyber attackers that relate directly to the client's environment and assessment concerns.  CDW’s adversarial simulation includes:

Scenario-Based Test:

• Highlights both risks and impacts associated with a specific breach scenario, typically involving internal client networks
• Includes testing security controls and resiliency using a mutually agreed-upon scenario(s)
  

Red Team Assessment:

• Covert assessment to test user security awareness, incident response and technical controls of your security program
• Identify previously overlooked or unknown avenues of attack that may be exploited by real-world threat actors
• Includes attempts to penetrate the external network perimeter, establish a foothold in the internal environment and accomplish specific attack objectives that are mutually pre-defined with your organization
  

Performing a social engineering assessment will help understand how effective security awareness training and procedures are in preventing threat actors from getting valuable corporate information directly from your employees.

CDW’s social engineering services consist of:

• E-mail based phishing – persuade users to click links, submit credentials or execute a malicious payload
• Phone-based phishing (“vishing”) – persuade users to divulge information or perform an action that could be leveraged to gain access to an organization
• On-Site Physical Social Engineering  – assesses the effectiveness of physical security controls, employee awareness and training
• Open-Source Intelligence (OSINT) Gathering – identify what information is publicly available which can be leveraged to conduct a targeted attack against the organization

CDW’s targeted attack penetration test focuses on evaluating and exploiting common attack paths found in your environment. Our security team will work to explore your potential risk exposure and provide recommendations on how to remediate the findings identified during the test. Evaluating your organization’s defences against common tactics will enable you to meaningfully improve your organization’s security posture, and help you prepare for future security events.

Targeted Attack Penetration Test Overview (PDF)