Cybersecurity Assessment

Our risk-informed analysis empowers our clients with the information they need to make decisions that are strategically aligned with their organizational goals.

Our Methodology

Our philosophy is that good testing requires good planning. However, good testing also requires a “look around” to understand the system as it is really used, in a way that cannot be ascertained from a specification document. As a result, we provide an equal mix of three different approaches to cyber security testing: 1) prescribed functional tests for security features (to ensure they work as expected), 2) exploratory testing of the application to determine weak points, attack vectors, and missing or extra functionality, and 3) automated testing for common, high-risk vulnerabilities.

For this reason, iMC’s security testing methodology is based on the standards set forth by the Open Web Application Security Project (OWASP). In the past, the security industry has lacked a comprehensive security framework for classifying vulnerabilities based on the potential damage that would be experienced by the organization under attack. Based on our team’s extensive industry experience, OWASP has filled this gap by providing impartial, practical information about application security to organizations worldwide. Furthermore, OWASP supports government agencies by providing software tools and knowledge-based documentation to protect against identified threats.

OWASP
A1: Injection
A2: Broken Authentication and Session Management
A3: Cross-Site Scripting (XSS)
A4: Insecure Direct Object References
A5: Security Misconfiguration
A6: Sensitive Data Exposure
A7: Missing Function Level Access Controls
A8: Cross-Site Request Forgery (CSRF)
A9: Using Components with Known Vulnerabilities
A10: Unvalidated Redirects and Forwards

Our Approach

Our approach to external cyber security penetration testing is to employ a three-step process for developing and executing test cases:

Threat Modeling

Exploratory tests are performed, based on publicly available knowledge, specification documentation, system understanding, industry experience, etc.

Vulnerability Testing

Individual vulnerabilities are tested, based on an understanding of the threats previously identified in the threat modeling exercise.

Risk Identification

Finally, any vulnerabilities realized during the testing phase are classified based on the risk of exploitation they represent.

Our Team

iMC brings a team of highly technical security professionals who are uniquely equipped to exploit weaknesses in the same manner that unethical hackers/attackers would. While iMC utilizes a number of security professionals with various skill sets, our key team members come with some of the following credentials:

Award-winning security work
  • Trained Department of Defense (DOD), White House, US Marine Corps, Navy, Air Force, Lockheed Martin, etc.
  • Taught Ethical Hacking in all 50 states and 10+ countries
  • Lead Instructor on Cyber Threat and Response Exercises for all Military Branches
  • Information Assurance & Defensive Cyber Operations – US Army
  • EC Council Instructor of the Year (2014)
  • Former government CISO & Top 100 CSO in the USA by CISO Magazine
  • SANS – GIAC Curriculum Developer & Instructor & International Advisory Board
Member Organizations
  • FBI InfraGard
  • ISSA
Team Certifications
  • CISSP, GICSP, GCFA, GSEC, GCIH, GCIA, GCWN, GPEN, GSNA, CISA, C|HFI, C|EH, CISM, CCSA, CCSE, CCNA, CDE, CNA, MCP, MCDBA, MCITP, Security+, Certified Trainer