Host-based penetration testing
With NetSPI’s host-based penetration testing, our security experts perform a deep dive review of baseline workstation and server images used to deploy systems to the corporate environment. NetSPI performs host-based penetration testing, virtual desktop penetration testing, and virtual application penetration testing.
Host-based penetration testing benefits
NetSPI’s host-based penetration testing reduces organizational risk and improves network security. Standard network penetration testing engagements may not provide comprehensive insights into the vulnerabilities that exist in your baseline system images and Citrix deployed desktops.
During host-based penetration tests, NetSPI tests system drive encryption, group policy configurations, patch levels, service configurations, user and group roles, third party software configurations, and more. It also includes a review of the systems and applications for common and known vulnerabilities. NetSPI supports host-based penetration testing of most Windows, Linux, z/OS, and MacOS variations. Also, testing can be conducted against physical hardware, virtual machines, or virtual desktops.
Types of host-based penetration testing
Host-based penetration testing
NetSPI conducts an assessment to evaluate the security of a standard system image. Testing is intended to identify vulnerabilities that have the potential to provide unauthorized access to systems, applications, and sensitive data. NetSPI supports host-based pentesting of most Windows, Linux, z/OS, and MacOS variations.
Testing may include the review of physical security controls, software security controls, user and group configurations, local access control configurations, local system configurations, local patch configurations, clear text storage of passwords, and clear text storage of sensitive data.
Virtual desktop penetration testing
It has become common for companies to make their traditional desktop applications accessible from the internet by publishing them through virtualization platforms like Citrix or VMware. However, with the ease of access comes additional risks that don’t have to be considered for desktop applications living behind a firewall.
During virtual desktop penetration tests, NetSPI identifies vulnerabilities that provide unauthorized access to the operating system through desktops published via virtualization platforms. NetSPI reviews the system configuration to identify vulnerabilities that could be used to escalate privileges, pivot into the internal environment, or exfiltrate sensitive data.
Virtual application penetration testing
It has become common for companies to make their traditional desktop applications accessible from the internet by publishing them through virtualization platforms like Citrix or VMware. However, with the ease of access comes additional risks that don’t have to be considered for desktop applications living behind a firewall.
During virtual application penetration testing, NetSPI identifies the risks specific to applications published through virtualization platforms along with traditional application testing to help ensure that your company is staying safe while trying to adapt to evolving business needs.
You deserve The NetSPI Advantage
Security experts
- 300+ pentesters
- Employed, not outsourced
- Domain expertise
Intelligent process
- Programmatic approach
- Strategic guidance
- Delivery management team
Advanced technology
- Consistent quality
- Deep visibility
- Transparent results
