Penetration TestingBreaches cost money, time, customer confidence, and your credibility. Penetration testing identifies your vulnerabilities, provides a detailed security audit report, and heightens your security awareness. We offer many pen testing services listed below. If you're looking for another kind of security audit service, please visit our IT Security Consulting page or contact us to get more information from one of our expert cybersecurity consultants.

Penetration Testing Services

External Pen Test

External penetration testing is performed remotely from the outside and involves identifying the weaknesses of a network that could potentially lead to compromised data and systems. Our expert IT security consultants (white-hat ethical hackers) utilize industry tools and hacking methodologies to find, document, and categorize by threat level the vulnerabilities that are visible from outside your network. See the External Pen Test Details for further explanation.

Internal Pen Test

An internal penetration test is an exercise to evaluate your internal network security and identify and potentially exploit vulnerabilities on your local and connected systems. The process our network security consultants follow is designed to emulate the potential actions of any malicious individual with local or remote access to your network, i.e. contractors, employees, or guest users. See the Internal Pen Test Details for an explanation of the full internal penetration testing process.

Wireless Pen Test

Wireless penetration testing identifies the types of wireless access in use and the level of network security in place ( WPA2, WEP, or none). Security testing consultants attempt to circumvent IT security measures and access the core internal network. This area of cybersecurity is frequently overlooked and can leave an otherwise very secure network wide open for anyone to access. Without proper internal security measures, your network can be used for illegal downloading of copyrighted material. The wireless network owner is required to provide security measures to prevent illegal activity, or else they may be held responsible for the damages. This type of pen test service, as you can see, is an absolutely crucial step to a secure network.

Web Application Pen Test

Unlike typical penetration testing, the target audience of a web pen test is the website administrator, application developer, or web application development team. This type of security audit service is a full force attack on all aspects of your website or web presence. See the Web App Pen Test Details for more explanation.

Social Engineering Pen Test

Our Social Engineering Penetration Testing is a simulated attack, lead and executed by a team of ethical hackers, social engineers, and network security auditors. Standalone social engineering testing can be very valuable and provide great insight into your real world IT security posture by testing the efficacy of your organization's cybersecurity culture. See more details about Social Engineering Consulting.

Instead of using one-size-fits-all scanners, Spohn’s audits are performed by highly trained, ethical hackers. 

External Pen Testing Details

An External Penetration Test, also known as our Perimeter Security Assessment, is performed remotely from the Internet. Unlike purely automated engagements like many of our competitors, each report by Spohn is handcrafted with individually-verified and documented vulnerabilities.

Our expert security consultants, i.e. white-hat ethical hackers, attempt to identify vulnerabilities in your external-facing systems by using automated tools and manual hacking methodologies. Clients can choose the effort level they desire which ranges from simple identification and documentation of vulnerabilities to full exploitation.

Penetration Testing Effort Levels

  1. Potential
    • Scanning tools hunt for security holes in Internet-facing devices. Clients receive basic reports with raw data.
  2. Probable
    • Security engineers find probable vulnerabilities, provide a detailed report on hacker methods, and offer remediation recommendations.
  3. Exploit
    • Deploys known attack methods to exploit probable vulnerabilities. This tests intrusion detection and security monitoring systems.


Internal Pen Test Details

Spohn's Internal Penetration Test  attempts to discover and validate security vulnerabilities within your network and connected systems. You may not be protecting yourself from disgruntled employees accessing your information, an anonymous user downloading pirated content on your network, or a contractor searching for competitive or budgeting information, etc. Do your current security measures protect your business’ critical assets from within?

Included Test Output



Database and Log Files

Our Process

  1. Our expert consultants initially perform the test from an unauthenticated perspective in order to attempt to identify exploitable vulnerabilities.
  2. Findings are then validated utilizing ethical hacking methodologies in order to simulate a real-world scenario.
  3. An authenticated scan is then performed against the internal network to identify any potential vulnerabilities that might exist to a credentialed user.

Web App Penetration Testing Details

Most sites have evolved over years, migrating from purely HTML to PHP/CSS/Joomla/Wordpress and to more complicated cloud-based hosting platforms. Your site may have outdated code or vulnerable, forgotten directories lying under the surface of a quick and attractive modern website. If you're worried about a reportable data breach and the confidentiality of your clients' data, Web App Pen Testing can put your mind at ease.

Included Services

  1. We test for all forms of site scripting and injection attacks
  2. We audit every directory and every file accessible from the Internet
  3. As an added bonus, we identify code issues and broken links that may be leading to instability or low SEO ranking

Find Vulnerabilities Before Hackers Do

Get a Quote!