Penetration Testing

Be in charge of your network. Acknowledge the holes in your systems before the hackers use them against you.

Cyber criminals are on the rise. And no one is safe, however secure you feel your network is. The bad guys have the time and resources to keep prowling the internet for the next prey. If you use computers, laptops, mobile devices, and the Internet you could already be losing something without your knowledge. You need to protect your computer resources. Whether it is a regulatory requirement or an internal security assurance or the need to practice best practices and gain respect of your strategic partners and stakeholders, a pen test is for you if your business uses computers and Internet. Summit Consulting adheres to the OSSTMM & EC-Council penetration testing methodology and code of ethics regarding this level and classification of test.

Our Penetration Testing Services team delivers

Blackbox Pentest

Whitebox Pentest

Network Vulnerability

ICT Security Assessment

Cyber Security


The best way to know how intruders will actually approach your network is to simulate an attack under controlled conditions.

Penetration testing service types:

  • Compliance specific (PCI, HIPAA, SOC2,3, OWASP) or organization penetration tests (Internal and external)
  • Application penetration tests (Web and mobile)
  • Wireless penetration tests (WEP, WPA, WPA2-PSK, WPA2-Enterprise)
  • Social engineering security testing (physical, pre-text calling, and phishing)

Our company will conduct manual verification of exploitable or significant vulnerabilities according to OWASP Application Security Verification Standard (ASVS) level 1guidelines and OWASP Top 10 security standards. Our customized services approach also supports boutique engagements aligned with specific objectives or technologies. Services may include:

  • Code Review
  • Distributed denial of service (DDoS) testing
  • Malware analysis
  • Embedded device penetration testing
  • Technology and platform-specific penetration testing
  • Other customized and threat-focused penetration testing
  • Duration: 2-4 weeks
  • IT infrastructure
  • Public Web Sites
  • Web Applications
  • Mobile Applications
  • Public/Private Clouds
  • Meeting compliance
  • Identifying high risk and unknown vulnerabilities
  • Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
  • Assessing the magnitude of potential business and operational impacts of successful attacks
  • Providing evidence to support increased investments in security personnel and technology to C-level management, investors, and customers
  • Technical Report with findings details with Executive section
  • Proof of Vulnerability and bug reproduction instruction for each defect
  • Vulnerabilities ranked by Risk level, CWE, CVSS v.2 rank
  • Remediation recommendations and Technical references
  • Presentation and demo that represent key findings
  • Security Auditing report with compliance status