Penetration Testing & Security Assessments

Penetration Testing

Experienced cybersecurity experts leverage penetration testing to improve a company’s security posture and remove any vulnerabilities that leave it open to attack. Penetration Testing goes beyond merely stopping criminals from unauthorized access to a company’s systems. It creates real-world scenarios that show businesses and organizations how well their current defenses would fare when confronted with a full-scale cyber attack.

Webcheck Security performs penetration tests to find places a hacker might exploit within various systems, networks, network devices (routers and switches) and servers. They look for ways a hacker might find real-world opportunities to compromise a company by gaining unauthorized access to sensitive data.

Webcheck Security Penetration Testers have earned the following certifications:

  • Advanced Degrees in Information Security & Technology
  • CISSP
  • OSCP
  • CEH
  • PCIP/ISA
  • AWS

Webcheck Security performs focused penetration testing for:

  • Misconfigurations
  • Product-Specific Vulnerabilities
  • Wireless Network Vulnerabilities
  • Rogue Services
  • Weak Passwords
  • Inadequate, Inconsistent or Non-Existent Password Protocols

Webcheck Security Penetration Testers have access to and utilize over 100 tools, can manually execute Java, PHP, SQL, and many kinds of scripts and languages, understand the importance of good writing, step re-creation and screenshots, and are eager to consult with you about test results.

Webcheck Security employs experts in external and internal penetration testing, web application and mobile testing. They also offer other forms of Social Engineering such as Email Phishing, Call Campaigns and Physical Penetration Testing.

Web Application Penetration Testing

Web application security is critical. Webcheck Security finds any security issues with your company’s web applications, documents them and advises you on how to fix them. All tests are conducted by certified engineers who are real hackers. After reconnaissance and careful testing they manually exploit web applications they have penetrated. Deliverables include a report documenting all findings, along with recommendations to remediate any web application security issues.

Webcheck Security Engineers employ a fastidious and rigorous process. Careful reconnaissance and discovery of targets plus deliberate application of tools, potential hacker methods, careful documentation and expert advisement distinguish Webcheck Security from other Penetration Testing companies.

Cyber Security Assessments

Webcheck Security’s experienced cybersecurity practitioners apply best practices and years of honed skills in delivering cyber security assessments that help inform decision-makers and support proper risk responses. Webcheck Security also provides an executive summary report to help executives and directors make informed decisions about their company’s cybersecurity posture.

Cyber Risk Assessments identify potential threats and vulnerabilities, then provide recommendations on mitigating them to prevent or reduce security incidents, which saves your business or organization money and/or reputational damage in the long term.

Webcheck Security provides gap and risk assessments with maturity scoring for frameworks and regulatory guidelines including HIPAA, PCI, NIST, CIS 20, SOC 1, SOC 2, HITRUST and FedRAMP certifications.

vCISO

Good Information Security Officers, especially CISOs, cost $150,000 – $500,000 per year. Additionally, only 38% of the Fortune 500 have one. What if you could hire a seasoned, experienced, certified professional – for a limited number of hours as needed on a month-to-month basis?

Webcheck Security provides seasoned CISSP certified CISOs to assist with:

  • Strategic Cyber Governance and Cyber Program Management
  • Risk Assessment
  • Incident Response and Business Continuity Planning
  • Compliance – PCI, HIPAA, SOC 1 & 2, ISO 27001, HITRUST, NIST etc.
  • Training IT Staff on IT Security Improvements
  • Policy Review and Writing
  • Data Privacy Mapping

Vulnerability Scanning

Quarterly vulnerability scanning is a key component of a cybersecurity strategy. Frameworks and compliances such as SOC 1, SOC 2, PCI, ISO 27001, NIST, HITRUST, HIPAA, and more require it. Find your Security Vulnerabilities before the hackers do.

Our easy-to-use scanning portal is a great way to effectively and economically check for vulnerabilities.

Some features of the Webcheck Security Vulnerability Scanning portal include:

  • Self-Service – easy quarterly scheduling and re-runs
  • Uses time-tested SAINT technology – SAINT Writer technology with SAINT ASV approval
  • Multiple IP and location handling
  • Easy to use, store and archive reports
  • Supports PCI with online SAQ as required
  • Extremely Economical

PCI Consulting Services

All merchants and service providers that handle credit card data or other types of payment card data are required to have an annual independent, third-party audit performed by a PCI Certified Qualified Security Assessor (QSA). Failure to comply can result in penalties and fines imposed daily. A data breach resulting from non-compliance could cost millions in settlements, legal fees and loss of reputation.

Webcheck Security provides expert, experienced guidance on PCI for small merchants to large enterprises. They provide the best value in the industry in QSA assessments through our partnership with AARC-360.

Webcheck Security Helps Address the Most Challenging PCI Requirements:

  • PCI Requirement 10.6-7: Log Monitoring/Alerting/Storage
  • PCI Requirement 11.1: SSID Testing
  • PCI Requirement 11.2: Economical PCI Scanning (External and Internal)
  • PCI Requirement 11.3: Penetration Testing

Social Engineering & Training

The latest cybersecurity reports have suggested that Phishing (cleverly crafted emails that look authentic) will continue to be a key way for cyber criminals to obtain credentials, system access and eventually corporate data. Similarly, other forms of social engineering such as outgoing phone call campaigns by cyber criminals continue to glean critical info from unwitting participants.

Webcheck Security conducts social engineering as part of a company’s awareness training program.

Highlights of these engagements include:

  • Sending Phishing Emails to a designated number of participants, retaining credential stats and reporting in the pen test documentation.

  • Phone Call campaigns to designated participants, maintaining and reporting stats.

  • Physical testing campaigns, in which Webcheck Security conducts USB drops or poses as delivery personnel to gain physical access to buildings and install Raspberry Pis or other surveillance equipment.

Digital Forensics

You’ve had an incident. So what’s next? Whether your data has been compromised by a cyber attack or your files encrypted by a cyber crime like ransomware, you will want to know how the attack happened in your network.

A digital forensic investigation can help you answer any questions you might have about the cyber attack. The digital forensic experts at Webcheck Security have helped hundreds of businesses and organizations navigate the rough waters of a cyber attack and are ready to assist you.

Webcheck Security can help preserve, identify, extract and document evidence on how your computer or network was compromised and what files may have been accessed, copied or encrypted, and then produce a Forensic Report to be used to obtain a subpoena or to file a claim with your insurance company.

Webcheck Security can also assist by imaging the target server and workstation drives, conducting forensic analysis, producing a Digital Forensic Report and providing strategic cyber post-breach advisement.


Meet The Webcheck Security Team

Security engineers and architects with over a decade and a half of assessment, infrastructure and web application testing experience.

Greg Johnson
CEO

Greg Johnson started Webcheck Security after a long sales and management career with technology companies such as WordPerfect/Novell, SecurityMetrics and A-LIGN. He loves people and providing solutions with integrity. A BYU graduate, Greg Johnson began his career in the days of 64k 5.25” floppy drives and Mac 128k’s. As the industry evolved, Greg moved into the cyber arena and learned a great deal about cyber controls, compliance, data breach and response and in 2016 earned his PCIP or PCI Professional designation.

In his experience as VP of Business Development with A-LIGN, Greg Johnson consulted, guided and educated dozens of clients in compliance guidelines and certifications.

Greg also has a thorough grasp on the concepts of web application, infrastructure penetration testing (both internal and external) as well as managed detection and response, incident response and digital forensic investigations. Greg is also the co-author of the forthcoming book Testing and Securing Web Applications.

When Greg is not providing cyber solutions for his clients, he can be found playing with his grandchildren and rehearsing or performing with the world-renowned Tabernacle Choir.

Curt Jeppson
CISSP, OSCP, CISO

Curt Jeppson has been working in Information Security and Penetration Testing for 14 years in increasing roles of responsibility within the financial, marketing, legal, e-commerce and technology industries. His technical certifications include the CISSP, OSCP, and various AWS and Google Cloud engineering certifications.

Curt has a Bachelor’s degree in Information Technology and a Master’s Degree in Information Security and Management. He currently performs penetration tests, assessments, CISO guidance and architectural reviews for various company sizes and also teaches classes on penetration testing and other subjects in cybersecurity.

He has served as VP of Technology for United Online, run cybersecurity at a Manhattan law firm and was Director of Security at Urbint and several other organizations.

Prior to his IT career, he was an Infantry Sergeant in the United States Marine Corps.

Kade Barney

Kade Barney is a penetration tester with a passion for all things security. Kade holds a bachelor’s degree in cybersecurity and at his university he won several ethical hacking competitions.

In addition to penetration testing, Kade worked for Presidio and has a background in incident response and management, providing him with a skill set in both offensive and preventative security tactics. Kade believes that the ability to conduct effective research is necessary to stay relevant in the quickly changing IT security environment.

Lori Crooks

Lori’s deep background includes having managed security and assurance assessment teams at a growing cyber firm, A-LIGN, including but not limited to PCI, FISMA, FedRAMP, Penetration Tests, HIPAA, ISO 27001, SOC1 and SOC2.

Lori Crooks has broad and deep knowledge of multiple cyber frameworks and subscribes to Webcheck Security’s way of doing business – meaningful and helpful customer communication and professionalism in all documentation and consulting.

Jeremy Tillery

Jeremy Tillery, CEH, is recognized by his peers as a growing force in the information security field. He is noted for his ability in both penetration testing and social engineering. Jeremy’s passion for penetration testing constantly keeps him busy developing new skills and continuing to explore new vulnerabilities.

Currently, Jeremy holds a certification as both a Certified Ethical Hacker and CompTIA Security+ CE. Jeremy is happiest when he is with his wife Connie raising their beautiful daughter Carly.

Kelly Matt

Kelly Matt is a seasoned security professional with twenty years of experience in technical delivery and security leadership as well as active certifications including CISSP, CISA and AWS Cloud Practitioner.

He has built and helped implement information security programs for global Fortune 500 companies, technology leaders, leading retailers and higher education institutions. He also managed a large Penetration Test Team while maintaining a CEH cert at a large security assessment firm.