Penetration testing is one of the oldest, most trusted methods used for assessing security risks. Because the process is designed to simulate a real-world attack using the tools and techniques employed by actual hackers, it provides realistic examples of how a real hacker could compromise sensitive data. The primary reason organizations will conduct a penetration test is to find and fix vulnerabilities before a criminal does.

The Compliance Overview

Information security compliance regulations and guidelines (FDIC, FFIEC, GLBA, HIPAA, HITECH, NCUA, OCC, PCI DSS, etc.) require an organization to conduct independent testing of their information security program to identify vulnerabilities that could result in unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI).

In order to ensure the security of internal networks, best practices recommend that each organization perform internal and external penetration tests in addition to regular security assessments.

The TraceSecurity Solution

TraceSecurity offers internal and external penetration tests as separate services. These tests mimic the action of an actual attacker exploiting weaknesses in network security without the usual dangers. The internal penetration test examines internal IT systems for any weakness that could be used to disrupt the confidentiality, availability, or integrity of the network. The external penetration test examines external IT systems in the same manner. 

Penetration tests are different from vulnerability assessments because they exploit vulnerabilities to determine what information is actually exposed. TraceSecurity can perform this testing onsite or remotely.

TraceSecurity’s penetration tests follow documented best practices for security testing methodology, including:

  • Scoping and rules of engagement
  • Analysis and identification of attack vectors
  • Exploit testing and penetration attacking
  • Immediate notification of critical risks

Test results are provided in an extensive report containing:

  • Penetration test methodology
  • Executive summary
  • Business and technical risks and recommendations
  • Exploitation results listed by risk and areas of concern
  • Details and exposure of vulnerabilities              


  • On-demand network vulnerability scanning
  • Extensive information gathering (for External Penetration Testing), including public record search, Web presence analysis, email harvesting, DNS interrogation and Whois 
  • Retest: following completion of the initial penetration test, analysts will conduct retesting of initial findings to determine remediation strategies
  • On-demand report generation for executives and technical staff




Learn how you can save money and delivery time by bundling an IT security assessment, a social engineering engagement and penetration testing.