· Staff  · 2 min read

Goal Based Penetration Testing

Goal-based penetration testing from Strategic Defense is a blend of offensive security testing that serves to highlight an organization's real-world risk.

Goal-based penetration testing from Strategic Defense is a blend of offensive security testing that serves to highlight an organization’s real-world risk. It specifically emulates modern threat actors that use Tactics, Techniques, and Procedures (TTPs) that vulnerability scanners and automation simply can’t find or re-create.

How does it do that?

For every test we scope, we define a threat model. We gameplan about the different types of attackers you might face, review your overall network architecture, and then scope up a test that aligns with that threat model. The point is to define goals that can guide engagement and achieve the test flow you’re after.

This up-front work means we set out to achieve the same goals during testing that a real-world threat actor might. You get a live-fire view into what it would look like for a motivated, skilled attacker to test your perimeter, your cloud environment, your applications, your wireless networks, etc.

Mix that with the best security talent on the planet, add in some methodology we’ve drafted after decades of delivering thousands of penetration tests, and you get top-of-the-heap adversarial testing that helps you answer the big questions:

Could a threat actor breach my environment, and would my team be able to detect them once they are in?

Thats the whole point in this type of testing; emulate what the real bad guys are doing, so you get the best preparation to beat them. Find the critical flaws in your environment before they do. Exercise your blue team so they are in-shape for potential events in the future. Test your security stack to spot the gaps beforehand.

It’s penetration testing done right.

Back to Blog

Related Posts

View All Posts »
SQLi WHY

SQLi WHY

As I was doing chores around the place today (thatching the lawn.. ugh). I saw a post about a new CVE in WordPress. It’s an SQLi… As a former dev, let me say this: THERE IS NO EXCUSE FOR SQLi. NONE. ZERO. NADA.

Penetration Testing - The Key to Defending Against Ransomware

Penetration Testing - The Key to Defending Against Ransomware

The urgency to “do something” to increase defenses against ransomware has never felt more critical. However, it can be difficult to know where to focus. It doesn’t help that every security vendor on the planet sells you their security software as the golden ticket, only to find out later that it fools gold.

Virtual Red Team

Virtual Red Team

Tired of Pen Test Fallout? Get Focused Remediation with Virtual Red Teamer