MindPoint Group (MPG) offers penetration testing services designed to identify and exploit vulnerabilities in applications, networks, and infrastructure. The service simulates real-world attacks to uncover security weaknesses before malicious actors can exploit them. MPG performs several types of penetration tests: - Internal Network Penetration Testing: Assesses non-public-facing applications and devices, examining how vulnerabilities can be chained to access sensitive resources. - External Penetration Testing: Evaluates internet-facing devices and applications, analyzing how vulnerabilities could enable movement from external to internal access. - Application Penetration Testing: Targeted assessment of specific applications, including custom web apps and APIs. - Source Code Review: White-box analysis of application source code to identify vulnerability-prone areas. - Red Teaming: Simulated attacks combining phishing, external/internal testing, and evasion techniques. - Wireless Penetration Testing: Reviews wireless configurations, broadcast range, and protocols for exploitable vulnerabilities. Testing combines automated scanning with manual attack techniques. Automated tools are used to identify known vulnerabilities and common defects, while manual testing builds on those findings to craft targeted attack scenarios. Testers also chain multiple vulnerabilities together to demonstrate realistic exploit paths. Engagements are offered in Small, Medium, Large, and Custom tiers, varying in the number of exploit findings, application pages, network endpoints, and follow-up validation sessions. Deliverables include a detailed report covering tests performed, vulnerabilities discovered, remediation strategies, and optional Plan of Action and Milestones (POAM) documentation. The service targets compliance requirements including PCI and FedRAMP.