At McCormack Cyber Solutions (MCS) we provide a wide variety of security services with a special focus on offensive security also know as penetration testing. Below are some of our most common offerings, but if you don't see what you need please reach out to us here to discuss how we may be able to help you!
You may also request an example report here!
Web and API Penetration Testing
Web application and API penetration testing is an essential process for any organization that values the security of their online assets. This testing involves simulating real-world attacks on web applications and APIs to identify potential vulnerabilities and security weaknesses that can be exploited by attackers.
Our expert penetration testers use the latest techniques and tools to thoroughly test your web applications and APIs. As part of this process we will leverage automation where it makes sense, and validate any findings from this manually. The majority of our testing process however involves manual exploitation attempts. MCS uses industry standard methodologies to evaluate the security of your applications such as the OWASP Application Security Verification Standard (ASVS).
Mobile Application Penetration Testing
Mobile application penetration testing is an increasingly popular service in today's app driven world. This testing involves simulating real-world attacks on mobile applications, and their supporting web services, to identify potential vulnerabilities and security weaknesses that can be exploited by attackers.
Our team of expert penetration testers use the latest techniques and tools to evaluate your mobile application's security posture thoroughly. As part of this process we will perform both static (SAST) and dynamic (DAST) analysis of your Android or iOS mobile application, and perform additional testing of additional services utilized by the app such as an API. MCS uses industry standard methodologies to evaluate the security of your applications such as the OWASP Mobile Application Security Verification Standard (MASVS).
Network Penetration Testing
Network penetration testing involves simulating real-world attacks on internal or external network targets. This testing is generally performed without credentials to the network simulating an attacker externally, or an attacker who has gained access to a local network of the organization.
Our team of expert penetration testers use the latest techniques and tools to evaluate your network's security posture thoroughly. As part of this process we will leverage automation in the form of vulnerability scanners where it makes sense to dedicate the majority of our time to manual testing of potential vulnerabilities and misconfigurations we discover. MCS uses industry standard methodologies to evalute the security of your network such as the Penetration Test Execution Standard (PTES)
Vulnerability assessments and penetration testing are two types of security assessments that are often used interchangeably. However, they are two distinct types of assessments that serve different purposes.
A vulnerability assessment is a process of identifying and prioritizing potential vulnerabilities in a system or network. It involves using automated tools to scan and analyze the system or network for known vulnerabilities. The results of a vulnerability assessment provide a list of potential vulnerabilities along with their severity ratings and recommendations for remediation.
MCS utilizes a combination of appropriate automated tools in the process of detecting potential vulnerabilities during a vulnerability assessment. Where possible we will validate the findings for accuracy to reduce the occurrence of false positives.