Selecting a Reputable Security Testing Company?

When choosing a security testing company to perform penetration testing, red teaming, etc., there are a few things you should consider to guarantee that you find the optimal company for your situation. Read more on that topic here: https://penconsultants.com/compare

Remote-Only vs. On-Site Testing?

REMOTE: Other than Wireless Testing, this is the default for all testing services.  The security tester never physically visits your site. Although a remote evaluation will not address “physical” attacks, it will ensure you have a measured level of security from remote threats. ON-SITE: The security tester goes on-site on Read more…

Should we white list the tester’s IP in our firewall?

Should security testing (vulnerability scanning, web app pentesting, etc.) be performed through a full protection stack (firewall, IPS, WAF, email filter, etc.), or should the tester’s IP be white listed? Bottom line: You are highly encouraged to white list the tester’s IP. The faster we can identify your vulnerabilities, the Read more…

What is the meaning behind your logo?

Our company slogan is, Rock Solid Security, which is based on Matthew 7:24.  The hardest rock on the Earth is a diamond. Our logo is a diamond molecule, flattened to a 2-D image, with the string, Rock Solid Security, in binary, encircling it.

Why post sample pricing?

You may ask, “Why do you post your prices given that it varies from client to client?” We want our prospective clients to have ballpark pricing for our testing services.  The majority of our services are performed by a highly skilled tester and involve some manual testing and tasks (instead Read more…

Gray Box vs. Black Box vs. White Box Testing?

The balance of white/black box testing is a decision you will ultimately make based on your budget, risk concerns, and internal policies. PEN Consultants can help you determine the balance of testing you need during the no-obligation scoping phase. Bottom line: White box testing is always going to give you Read more…

Do you offer Insider Threat Simulation?

Absolutely! Insider Threat Simulation services fall nicely under our Red Teaming services. However, we can model the threat under just about any of our services: web app testing, penetration testing, wireless assessments, etc. OUTSIDER’S PERSPECTIVE: Standard testing is conducted from an outsider’s perspective. This usually means the network is attacked Read more…

Why are there different tiers of service?

Some have asked why each testing service has tiers, seeing that some of the lower tiers do not have commonly offered features such as debriefings, detection/mitigation assistance, remediation verification, or in some cases, even a customized report. We attempt to remain as a la carte as possible with the features Read more…

How am I kept informed during an engagement?

Clients often want to know the progress during testing, and sometimes IT/SOC staff want to know if a recent change in a configuration or activity is related to our testing (vs. a possible unauthorized attacker). Because of this, during testing, we relay information in the following ways: Secure communications and Read more…

© PEN Consultants, LLC 2013 -