GoVanguard
  • Company
    • About
    • Why the Name GoVanguard?
    • Company Differentiators
    • Contact Us
  • Solutions
    • Attack Simulation
      • Red Teaming and Black Box Network Penetration Testing
      • Social Engineering and Physical Penetration Testing
    • Risk Reduction
      • White Box Network Penetration Testing
      • Dynamic/Static Code Analysis and Architecture Review
    • Threat Management
      • Threat Intelligence
      • Incident Response and Threat Hunting
      • Security Operations Center (SOC) Services
    • Compliance and Strategy
      • Compliance and Risk Gap Assessments
      • Consulting Services
  • Research
    • Open Source Projects
      • Legion – Pentesting Framework
      • pyShodan – Python Library for Shodan.io API
      • pyDradis3 – Python Library for Dradis API
      • InfoSec Encyclopedia
      • Developers Guide to HIPAA
      • Other Tools/Scripts/Documents
    • Threat Center
      • Information Security News
      • Regulatory News
      • Latest Threats
      • Latest Data Breaches
      • Latest Verified Exploits
      • Latest High Severity CVE’s
      • Latest PenTest Tools
  • Partners
    • Partner Program
    • Referral Program
    • Marketplace
  • Search
  • Menu

Risk Reduction Services

You are here: Home / Risk Reduction Services

White Box Network Penetration Testing

We identify technical, architectural and logical design vulnerabilities that contribute to the risk profile (confidentiality, integrity, and availability) of your organization’s data and information systems. Our process entails a hybrid approach of utilizing both OWASP v4 and PTES (Penetration Testing Execution Standard) guidelines, which results in a robust white box base testing framework that spans over 80+ security testing procedures.

Objectives
  • Collect, scan and analyze information system configurations in order to generate a prioritized comprehensive list of environment vulnerabilities, weaknesses and risks. These include:
    • Network/server/virtualization/storage infrastructure
    • Workstations
    • Operating systems and mission critical applications
  • Outline the potential impact and severity of each vulnerability, weakness, and risk including observed deviations from standard information security best practices and principles.
  • Identify the root causes behind the vulnerabilities, weaknesses, and risks that were identified in the assessment, while conveying how those problems relate to the inherent security posture of your organization.
  • Provide your organization with a full due diligence report including information such as:
    • Vulnerability/weakness/risk details
    • Risk mitigation recommendations
    • Analysis methods
    • Information system statistics
    • Network diagrams and more.
Standard Engagement Process

Typical Timeline of Initial Test: Dependent on environment complexity
Scheduling Kickoff: Within 2 weeks after ROE is signed
Remediation Retest Policy: Free within 30 days of initial report delivery

  • Once the client has financed the project GoVanguard will provide the client with a ROE (Rules of Engagement) document that outlines the scope of the tested client information systems, project assumptions and GoVanguard’s commitment to client’s information system’s Confidentiality, Integrity and Availability (CIA).
  • White box analysis of client information systems requires that GoVanguard either ships or deliver in-person GoVanguard’s network scanning appliance.
  • GoVanguard requires certain standard prerequisites to be satisfied before the project is officially started. These prerequisites include:
    • Any diagrams and documentation pertinent to network and sever infrastructure.
    • A list of all corporate VLANs/subnets (in CIDR notation).
    • A list of all point-of-interest infrastructure IP addresses (AD DC’s, Hypervisors, Firewalls, Core Switches…etc.).
    • Full read-only access to all configuration files pertaining to any of the following information systems:
      • Network Infrastructure (Firewalls, Switches, Routers, WAPs…etc)
      • Active Directory
      • Hypervisors
      • Servers (Windows and/or Linux)
  • Once the client has satisfied all the project prerequisites, GoVanguard will perform the white box network penetration testing in a 24×7 format over the course of the predefined project timeline. Special attention is provided to ensure client information system CIA remains unaffected throughout the project. During this time, GoVanguard focuses on assessing the client’s information systems for weaknesses and vulnerabilities by collecting and analyzing corporate network traffic and system configurations.
  • After the first white box network penetration test is completed, GoVanguard will present the report findings with the client and discuss the mitigation recommendations provided in the report.
  • GoVanguard will provide the client with 30 days to remediate prioritized risks for their information systems.
  • After the 30 day remediation period, GoVanguard will perform rescanning/analysis of the same information systems to validate if previous risks were indeed remediated.
  • GoVanguard will then present and provide the client with a post risk remediation white box network penetration test report.
Sample Reports
  • PTES White Box Network Penetration Testing Report
Get a Quick Quote

Dynamic/Static Code Analysis and Architecture Review

GoVanguard’s Dynamic/Static Code Analysis evaluates both web and non-web applications. Through advanced modeling we detect flaws in your software’s inputs and outputs that cannot be seen through web scanning alone. We utilize several overlapping tools and techniques including data flow analysis, taint analysis, and control flow graphs which require the software source code. The purpose of these techniques is to discover architectural and logical design vulnerabilities within the application.

Objectives
  • Analyze your organization’s application software source code using many overlapping tools with a team of multiple GoVanguard software security engineers.
  • Identify vulnerabilities introduced to the application through dependency tree structures.
  • Map all input and output application data flows.
  • Generate a prioritized comprehensive list of software vulnerabilities, weaknesses and risks.
  • Outline the potential impact and severity of each vulnerability, weakness, and risk, including observed deviations from standard information security best practices and principals.
  • Provide your organization a full due diligence report including information such as:
    • Vulnerability/weakness/risk details
    • Risk mitigation recommendations
    • Analysis methods and tools
    • Diagrams of main application functions
    • Data flows
    • Dependencies and more.
  • Includes technical risk management recommendations that are mapped to OTGv4 (OWASP The Guide v4) as well as OWASP SAMM (Software Assurance Maturity Model) principles.
Get a Quick Quote

Latest Data Breaches

Latest Advanced Persistent Threats

Latest Major Vulnerabilities

Latest Exploits

Information Security News

Our Standard Office Hours

Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed

Where to Find Us

205 Rockingham Row, Princeton, NJ 08540
315 West 36th Street, New York, NY 10018
(212) 696-0500
hello@govanguard.com
PGP: 0xE5D39775A0C6351B
For more information about PGP please see “What PGP is, and why You should use it”.

Data Privacy Notice

  • – General Data Privacy Policy
  • – Data Privacy Opt-out

Content Notice

  • – All product names, logos, and brands are property of their respective owners.
  • – The use of these names, logos, and brands is  for identification purposes only and does not imply endorsement.
  • – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
  • – If you are an owner of some content and want it to be removed, please email hello@govanguard.com
© Copyright - GoVanguard
  • LinkedIn
  • Twitter
  • Facebook
  • Instagram
Scroll to top

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.

OK

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refuseing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Google Analytics Cookies

These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.

If you do not want that we track your visist to our site you can disable tracking in your browser here:

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Privacy Policy

You can read about our cookies and privacy settings in detail on our Privacy Policy Page.

General Data Privacy Policy for GoVanguard Websites