The Onyx IT Group

Cybersecurity Pentesting

Many penetration tests will give you a big list of problems with little context on how to fix things or what to prioritize. We provide a prioritized list of issues, based on the exploit-ability and impact of each finding using an industry-standard ranking process. You will get a detailed description and proof of concept for each finding, as well as
actionable remediation guidance and reference—including the level of effort required to address each finding.

MENU OF SERVICES
The Onyx IT Group offers a range of penetration testing services to meet your needs. We also offer custom solutions, so be sure to contact us to learn how we can help your organization.

Network Penetration Testing — External and/or Internal
We simulate real-world attacks to provide a point-in-time assessment of vulnerabilities and threats to your network infrastructure.

Web Application Penetration Testing
In addition to the Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES), our application penetration testing service leverages the Open Web Application Security Project (OWASP), a comprehensive framework for assessing the security of web-based applications, as a foundation for our web application assessment methodology.

Mobile Application Penetration Testing
We leverage the Open Web Application Security Project (OWASP), Open Source Security Testing Methodology Manual (OSSTMM), and Penetration Testing Execution Standard (PTES) methodologies to thoroughly assess the security of mobile applications. As the use of mobile applications continues to grow, consumers and corporations find themselves facing new threats around privacy, insecure application integration, and device theft. We go beyond looking
at API and web vulnerabilities to examine the risk of the application on a mobile platform.

IoT and Internet-Aware Device Testing
Internet-aware devices span from ubiquitous, commercial Internet of Things (IoT) devices and systems to automotive, healthcare, and mission-critical Industrial Control Systems (ICS). Our testing goes beyond basic device testing to consider the entire ecosystem of the target, covering areas such as communications channels and protocols, encryption and cryptography use, interfaces and APIs, firmware, hardware, and other critical areas. Our deep dive manual testing and analysis look for both known and previously undiscovered vulnerabilities.

Social Engineering Penetration Testing
Malicious users are often more successful at breaching a network infrastructure through social engineering than through traditional network/application exploitation. To help you prepare for this type of strike, we use a combination of human and electronic methodologies to simulate attacks. Human-based attacks consist of impersonating a trusted individual in an attempt to gain information and/or access to information or the client infrastructure. Electronic-based attacks consist of complex phishing attacks crafted with specific organizational goals and rigor in mind. We will customize a methodology and attack plan for your organization.

Wireless Network Penetration Testing
We leverage the Open Source Security Testing Methodology Manual (OSSTMM) and the Penetration Testing Execution Standard (PTES) as a foundation for our wireless assessment methodology, which simulates real-world attacks to provide a point-in-time assessment of vulnerabilities and threats to your wireless network infrastructure.

Got Questions? Call Us Now!