CYBER SECURITYPenetration Testing Services

1. Identify if realistic threats exist that could allow a malicious user or hacker to penetrate your systems, disrupt your operations, steal data or execute malwares.

2. Provide an accurate snapshot of your technology security risks.

3. Get quick results to address prioritized security vulnerabilities.

4. Verify if your security posture is comprehensive across all network and system components encompassing the various endpoints and interconnections.

5. Ensure an in-depth review of the level of compliance with current enterprise best practices for security configuration, patches and related procedures.

6. Help build a strong and secure infrastructure platform to avoid internal or external attacks, by providing a detailed plan for remediation.

Key Elements of MNP’s Penetration Testing Services

How Secure is Your Operation?The threat of malicious users and hackers trying to steal confidential data and disrupt IT systems is a growing risk for businesses. To ensure the availability of critical systems and protect sensitive data, organizations need to implement appropriate controls in order to detect and prevent intrusions. The best way to assess the effectiveness of such controls is to hire someone who will act as a hacker and try breaching into your systems. MNP helps you by performing professional penetration testing services that include the following benefits:

• A skilled team of professionals with demonstrated expertise, professional certifications and significant work experience.

• A full suite of professional tools and an in-house security lab to test vulnerabilities and scripts.

• A robust and proven methodology based on detailed work plans tailored to achieve your unique requirements.

• Deliverables aligned with the highest global quality standards throughout our engagements.

• The best value, with experienced senior consultants who provide solutions for your immediate needs and long-term objectives.

Our penetration testing methodology is pragmatic, risk-driven and aligned with the requirements of industry best practice, regulatory and compliance standards, as well as internationally accepted frameworks, such as: OSSTM (Open Source Security Testing Methodology), SANS penetration testing approach, NIST 800-115 Technical Guide to Information Security Testing and Assessment, CREST (Council for Registered Ethical Security Testers) and the Open Web Application Security Project (OWASP) Top 10.

Our experienced security experts have extensive experience practicing in this domain and bear professional certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA).

MNP’s comprehensive approach includes identifying network, application, physical and human vulnerabilities that an attacker will leverage to successfully breach your organization’s cyber security. We perform white-box, grey-box and black-box testing, replicating what a true attacker would be doing, with various levels of “insider” knowledge. In the case of black box testing, our consultants attempt to leverage various channels of attack, without any advance knowledge of your technology or organizational structure.

MNP’s Methodology

Scoping and Planning

• Understand the context and environment of the testing

• Define the type of testing to perform and the systems to be tested

• Identify key stakeholders and project planning / management

Analyzing and Reporting

• Analyze the data and reduce false positives

• Immediately report on critical risks

• Redaction of an executive summary and technical report, with severity ratings and practical recommendations

Testing

• Execute the test plan

• Communicate start / end of the testing

• Immediately report any critical vulnerability

Test Preparation

• Obtain technical details such as: IP addresses, configuration files, etc.

• Test the connection of automated tools

• Document and communicate the test procedures

Our approach takes into consideration your specific business needs and the critical operations of your business to avoid any disruption and provide the most cost-effective assessment. To do so, we meet with your project manager prior to any testing to ensure a clear, agreed-on plan.

MNP’s testing provides clear evidence of any successful intrusion, with screenshots or other visual representation of the penetration. We supply prioritized and practical solutions in a structured report, with relevant content for both managerial and technical audiences.

Detailed List Of Our Technical Security Testing Services

Technical Testing Details

Black-Box Penetration Testing

Simulate realistic attacks in a controlled manner, using a range of hacker techniques and tools, from gathering publicly available information on your company and probing systems for exploitable vulnerabilities, to performing brute force attack on authentication channels and executing specific attack scenarios.

Social EngineeringTest the effectiveness of your security policies relating to employees. Techniques used include email spoofing, spear phishing, USB drop campaigns and other deception methods.

Network Vulnerability Scanning

White-box security testing to identify known vulnerabilities and weaknesses across your systems environment. We perform an assessment of your networks, operating systems, servers, databases and network devices to deliver a customized report that presents prioritized issues.

Web Application Vulnerability Assessment

Check web-based application code weaknesses, such as cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF) and lack of input validation or session ID security. MNP uses OWASP Top 10, SANS CWE Top 25 and CERT secure coding guidelines for this assessment.

ABOUT MNP

MNP is a leading national accounting, tax and business consulting firm in Canada. We proudly serve and respond to the needs of our clients in the public, private and not-for-profit sectors. Through partner-led engagements, we provide a collaborative, cost-effective approach to doing business and personalized strategies to help organizations succeed across the country and around the world.

Praxity AISBL is a global alliance of independent firms. Organised as an international not-for-profit entity under Belgium law, Praxity has its executive office in Epsom. Praxity – Global Alliance Limited is a not-for-profit company registered in England and Wales, limited by guarantee, and has its registered office in England. As an Alliance, Praxity does not practice the profession of public accountancy or provide audit, tax, consulting or other professional services of any type to third parties. The Alliance does not constitute a joint venture, partnership or network between participating firms. Because the Alliance firms are independent, Praxity does not guarantee the services or the quality of services provided by participating firms.

To find out what MNP can do for you, contact your local MNP advisor.

Visit us at MNP.ca

0811C-15