Physical Penetration Testing
While many companies focus on implementing strong technical security controls, physical security should not be overlooked. Many real-world security breaches take advantage of physical security weaknesses or involve a combination of physical and technical attacks.
Organized crime rings, disgruntled former employees, and nefarious attackers can employ a host of attack methods and techniques to exploit physical security controls in an attempt to gain unauthorized access to corporate facilities and assets. Once inside a trusted environment, attackers can wreak havoc, steal intellectual property and hard assets, and cause general disruption to the business.
AppSec Consulting’s physical penetration testing services provide a clear picture of what a skilled and determined attacker could accomplish when attempting to breach your organization’s physical security along with practical advice on how to improve your physical security posture. Physical penetration testing is often bundled in with network penetration testing to provide a holistic view of your overall security posture.
The AppSec Consulting Difference
- Our approach and methodologies are regularly updated to incorporate emerging tools and techniques, allowing our team of experts to penetrate restricted and/or well-secured facilities. Our staff includes the best and brightest in the industry.
- We carefully design and prepare our physical penetration tests in order to maximize our success rate while minimizing any adverse effects on your employees and keeping the testing non-destructive. In most cases the employees won’t know about our test until it’s over and the results are presented.
- Our reporting differentiates us from the competition - you'll receive an actionable custom-written report containing expert advice tailored to your business.
- We're with you every step of the way throughout the remediation phase, beginning with a thorough debriefing of all findings.
During a physical penetration testing engagement, AppSec consultants typically use non-destructive techniques; any potentially destructive techniques would only be attempted with the customer’s explicit permission. Our approach may include one or more of the following:
- 24/7 observation of physical locations and client-controlled assets in order to identify weak points in physical protection and potentially breach said entry points in a non-destructive manner in order to exfiltrate sensitive information. Items that we’ll observe include physical entry and exit points, video surveillance systems, physical access control systems, lighting, etc.
- Utilizing non-destructive methods of physical entry into buildings or bypassing electronic security systems used to protect sensitive material.
- “Tailgating”, impersonating client or service personnel, and creating and utilizing counterfeit badges or physical tokens in order to leverage social engineering attacks and gain entrance to facilities.
- Attempting to photograph, record, or otherwise document sensitive material within client-controlled environments, particularly environments constructed to protect sensitive information.
- Removal of physical assets in settings where the flow of business is not obstructed, but where the occurrence of such demonstrates a significant information security risk (all assets are returned at the conclusion of the test).
What You Get
- An actionable, custom-written Physical Penetration Testing Report which describes the physical penetration attacks performed, summarizes the results, and provides custom remediation advice tailored to your business needs.
- Expert consultation throughout the remediation phase and assistance with implementing certain remediation advice, such as employee security awareness training.