Vulnerability Assessment and Penetration Testing (VAPT)
Vulnerability Assessment and Penetration Testing helps identify and validate high-risk vulnerabilities and potential attack vectors that may be difficult or nearly impossible to detect using just an automated scanning tool. nDepth Security has executed hundreds of Vulnerability Assessment and Penetration Testing (VAPT) engagements. We conduct various types of VAPT assessments, including open source intelligence gathering (OSINT), Social Engineering, Network, Web/Database, Mobile Application, Wireless, and Physical assessments. We use a pre-engagement survey to help us define a custom Rules of Engagement (RoE) tailored to your business needs, as well as a testing strategy, testing schedule, and communication plan to enable de-escalation of conflicts and de-confliction of anomalies on the network, so that your VAPT experience is both successful and worry-free.
Assessment and Authorization (A&A)
We specialize in the NIST Risk Management Framework (RMF) and have a vast amount of experience conducting Assessment and Authorization (A&A) testing, and operating in various roles such as Information Systems Security Officers (ISSO), Information Systems Security Managers (ISSM), and Security Controls Assessors (SCA).
Organizations that operate within the federal, health, and payment card industries are obligated to build information systems that adhere to standards such as the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), and the Federal Information Security Management Act (FISMA). Information systems that are designed to process or store these types of information must undergo periodic audits to ensure the standards for these systems are being met. nDepth Security has experience with performing PCI DSS, HIPAA, and FISMA audits and working with our customers to implement appropriate mitigations for security deficiencies on their network.
Our Security Engineers are seasoned professionals with experience in systems security engineering, requirements definition and analysis, certification and accreditation (C&A) and risk management framework (RMF), technical management, and U.S. Government information assurance-related policies and issuances.
Our System Engineers can help your organization in defining and analyzing system requirements and supporting the overall System Development Lifecycle (SDLC). nDepth Security engineers can build, design, and integrate complex systems from the ground up! We have experience developing and integrating solutions in environments such as Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS). Our System Engineers are skilled in various operating system platforms, database technologies, networking protocols, identity management, and virtualization and containerization technologies.
We are a diverse company that offers instructor-led training in many disciplines of information assurance, tailored to your mission or business requirements.
Topics could include:
✓ CompTIA PenTest+
✓ NIST Risk Management Framework (RMF) testing
✓ Introduction to tools, techniques, and testing methodologies
✓ Web application, Mobile, and Network Penetration Testing
✓ Capture The Flag (CTF) exercises
✓ ISC2 CISSP Training
✓ ISC2 CISSP-ISSEP Training