Frequently Asked Questions
Does SecurityMetrics conduct Denial of Service (DoS) attacks?
No. If we feel that performing an exploit could result in a DoS condition, that exploit will not be conducted. Instead, the exploit will be included in the final report so the customer can run it in a test environment rather than against a production system.
Do I have to whitelist any IPs during the engagement?
Not initially. We begin the engagement as a typical user. This allows our customers to benchmark their IDS/IPS and web application firewall (WAF) to see how they respond to an actual attack. If no flags are raised and our traffic goes unnoticed, the IDS/IPS and WAF are either not working correctly or are not properly configured.
What if SecurityMetrics does not find any vulnerabilities?
Roughly 75% of customers fail the initial penetration test with at least one medium-risk vulnerability. During the remediation process, we work directly with your team to ensure the environment is properly secured. The 25% that pass their initial penetration test have the assurance of knowing that their environment is protected against the latest attack techniques.