What is a Penetration Test?

A Penetration Test is a security assessment that attempts to identify vulnerabilities in your firewalls, web pages and web applications.  These tests are performed from outside your network (the Internet) and simulate attacks that outside parties would employ to identify vulnerabilities that can be exploited remotely.


Why would I want this?

Penetration tests are like security assessment 101.  These types of tests are the absolute minimum organizations should consider when it comes to security assessment, due to the high-risk nature of organized Internet-based attacks.  Most organizations score well in external tests, which can give them a false sense of security if other areas of the information security program are not addressed (i.e., administrative, physical and internal IT security controls).

  • Regulatory compliance requiring a security assessment
  • A valued customer is requiring one
  • You’ve seen high-profile breaches on the news and wonder how secure you really are
  • You’ve never done any type of security assessment and you want to start somewhere


What makes Gratia, Inc. different?

There are many significant value propositions that our clients realize. Examples include:

  • Gratia, Inc.’s Methodology – Gratia, Inc. uses a proprietary approach to assessing information security risks.  It’s more than a checklist of questions and recorded answers.  Our approach gives you a full picture of your risks – prioritized and rated – with recommended solutions, so you know which security investments will have the greatest impact.
  • Full Transparency – Gratia, Inc. strongly believes in empowering our customers.  The more knowledge transfer that occurs during our engagement, the more value our customers recognize.  Gratia, Inc. fully discloses the methods, tools, and configurations used to perform analysis work for our customers in the hope that they can easily adopt our processes for their future benefit.
  • Product Agnostic – Gratia, Inc. does not represent any third-party products or services, on purpose.  Our projects and recommendations stand on their own, with no ulterior motive to sell you things you don’t really need.


What are the deliverables I should expect?

We consistently get great feedback on our reporting style. Gratia, Inc. has spent years developing reports that communicate assessment results in clear, easy-to-digest ways that are appropriate for both technical and non-technical audiences.  Typical deliverables out of an information security assessment include:

  • Executive Summary Report
  • Full Report
  • Action Plan and/or Road Map


What does a Penetration Test cost?

At Gratia, Inc., every project is custom designed for our clients.  We take into account your organization’s size, complexity, industry, compliance requirements, and most importantly, your actual needs.  Because of our tailored approach, all you need to do is spend a few minutes on the phone with our team to make sure we are delivering exactly what you need and want.