Penetration Testing

Our Penetration Test Assessment uses a comprehensive and intelligent approach that includes a unique roadmap

eScope Solutions offers External Penetration testing for those clients that would like more in-depth information than can be achieved with a basic vulnerability assessment. A vulnerability assessment may reveal a risk while a penetration test explores the risk and attempts to exploit it. In this manner, management will be advised if the risk is an actual exploitable vulnerability. Our Penetration Test Assessment uses a comprehensive and intelligent approach that includes a unique roadmap. Here is a brief explanation of the key points:

Reconnaissance- Identification of all external (Public) facing IP address. eScope Solutions’ Pen testers gather information about the client’s external network.

Discovery- Port scanning, fingerprinting of operating systems, and version info

Research and Evaluation- Testing for vulnerabilities, password guessing, and manual checking of services

Manipulate and Exploit- Manipulate the found vulnerabilities and attempt to exploit them

Report- on findings.

Comprehensive testing will include port scanning, OS identification, service detection, password cracking/guessing, web vulnerabilities, and configuration errors. eScope Solutions’ Pen Testing Team uses a blend of field experience, leading edge open source tools and commercial utilities to accurately gauge points of vulnerability in your network systems.

Even the best firewalls, routers, intrusion detection and network servers can be vulnerable with a flawed security configuration. Real peace of mind about the credit union’s Data Protection can be achieved only by rigorously testing the effectiveness of your network safeguards. All testing is performed remotely from eScope Solutions’ SOC.

Reports & Review

eScope Solutions provides a comprehensive report with all vulnerability findings and exploiting vulnerability conclusions delivering both an Executive Summary and a Detailed Technical sections. The report includes descriptions of all detected vulnerabilities, their level of severity, what devices are affected and all findings and conclusions.

eScope Solutions provides a brief overview of our report as part of this service. If additional support assistance is needed eScope provides remediation services through our Network Support Agreements.

Penetration Testing PackagesStandardPremium
Assurance level Simulates the basic (drive-by) hacker or "Script kiddie" with limited time, tools and skill sets that might not be targeting you specifically. This hacker may stumble upon your external IP during a sweep and will focus little attention to you unless he notices an obvious security problem. Simulates a professional hacker that will pose a persistent threat to your organization that has more time, tools and is more skillful in his hacking techniques. This hacker has intent and wants to find weaknesses to exploit in order to gain access to your private network.
Analysis Duration ~10 Hours ~ 30 Hours
Reconnaissance Phase
Informational Assets No Yes
Content Scanning No Yes
Foot Printing (Vulnerability Assessment)
IP Determination By Client By Client or Discovery Scan
Ports Analyzed 5,000 Ports (most common) 65,535 Ports
Protocols TCP & UDP TCP & UDP
Privileged Scanning No Yes
IDS/IPS Evasion IPS must be disabled IPS disabled or enabled
Network Devices Yes Yes
Exploit / Intrusion Phase
Exploits Utilized Known Exploits Exploit Research as Required
Password Cracking None (commonly known) Yes


Contact us to learn how eScope Solutions can help your credit union.