Back to Main Page




DM TechSecure, LLC agrees to provide the Client with the following services:

Network Vulnerability Assessment
Server Vulnerability Assessment - Safeguards your network infrastructure
Optimized for scanning servers, routers, switches, and other mission-critical network infrastructure devices located behind your firewall. DM Techsecure scans network vulnerabilities on your most important corporate assets and supports a wide range of hardware, operating systems, and applications.

Desktop Vulnerability Assessment - Cost-effectively secures the back-door to your network
Optimized for desktops, laptops, and printers, DM TechSecure secures your network's desktop environment. DM TechSecure scans vulnerabilities on virtually all operating systems for workstations, laptops, and other peripheral devices that are notorious for providing back-door entry into corporate networks. It also tracks and secures any mobile devices that are transient on your network.

Targeted reporting includes:
DM TechSecure reports provide concise security status information and detail responsibilities for updates and repairs.
  • Executive status report: highlights how the most important vulnerabilities are being addressed.
  • Vulnerability details: presents all existing vulnerabilities by device, specifying repair schedules and responsibilities.
  • Vulnerability frequency - current: provides details on each type of vulnerability currently existing on the network.
  • Network Vulnerability Summary - Executive Report
    Severity Level Distribution
    Top 10 Vulnerabilities by Host
    Top 10 Most Common Vulnerabilities
    Vulnerability Distribution by Host
    Vulnerability Count by OS Distribution
Penetration Testing and Evaluation
DM Technologies conducts a penetration test as a proactive and authorized attempt to compromise information security of a computer system or network by simulating an attack and attempting to penetrate a network and/or computer system using the same methods as a Hacker and access sensitive data by taking advantage of vulnerabilities.

DM Technologies will safely assess your organization's security posture against attack methods that jeopardize data today by penetration of network defenses via exploits designed to compromise vulnerabilities in server operating systems and services, as well as client applications that run on desktop systems.

DM Technologies will attempt to compromise no more than 50 IP addresses consisting of public addresses, firewall, routers, servers, and computers. The Information Gathering step collects data about the targeted network, typically using Network Discovery, Port Scanner, and OS and Service Identification modules.
    Key Capabilities
  • Identify the operating system and services running on targeted machines
  • Control the IP ranges you want to scan
  • Select from a variety of network discovery and port scanning methods, including TCP Connect, Fast SYN and ICMP
Web Application Penetration Testing
This testing includes the ability to identify weaknesses in web applications, servers and databases, and will dynamically generate exploits for customized apps, demonstrate potential attack consequences, and get information necessary for addressing security issues. It will safely assess an organization's security posture against the top three attack methods that jeopardize data today:

Penetration of network defenses via exploits designed to compromise vulnerabilities in server operating systems and services, as well as client applications that run on desktop systems

Deception of employees, contractors and other end users via email-based social engineering attacks, such as phishing and spear phishing

Manipulation of web applications to access backend data via SQL injection and remote file inclusion techniques
    Web application security testing capabilities enables the following:
  • Identify weaknesses in web applications, web servers, web browsers and associated databases
  • Dynamically generate exploits that can prove the existence of security weaknesses
  • Demonstrate the potential consequences of a successful attack
  • Help address security issues and prevent data incidents
PCI Compliance
DM TechSecure will test the security measures and programs to comply with and validate multiple PCI requirements. Regular, controlled and safe data breach attempts will be run against your security infrastructure, while testing your end users against social engineering attacks. As a result you'll know if your security defenses and response plans are in-place and working properly as mandated by the PCI Standard.

Client-Side Test Reports
There are two reports generated specifically during Client-Side Penetration Testing: the Client-Side Penetration Test Report and the User Report. The Client-Side Penetration Test Report is a full audit trail of each attack, including the email template sent, exploit launched, test result (success or fail), and details about compromised systems. The User Report details which links were clicked during a Client-Side test, when they were clicked, and by whom.

Targeted Reporting for Penetration Testing includes:
DM TechSecure Penetration Testing reports provide concise security status information.
  • Executive Summary Report provides a summary of all the test activities and obtained results utilizing visual charts and highlighting the most important finding of the penetration test.
  • Executive Status Report provides summarized information about all the different hosts and vulnerabilities that were successfully exploited during the test.
  • Activity Report provides detailed information about all the modules that were run as part of the penetration test.
  • Host and Exploited Vulnerability Report provides a comprehensive list of all targets discovered on the network and detailed information about all of the vulnerabilities that were successfully exploited during the test.
  • Web Application Test Reports generates two reports during Web Application Penetration Testing: the Web Application Vulnerability Report which provides information about vulnerable fields and other paths of attack identifying which parts of an exposed application require development changes or other fixes. The Web Application Executive Report provides a high-level summary of tested web applications and results to inform management of test results and to validate remediation resource requirements.
  • PCI Compliance Report is designed to augment, validate and prioritize the results of vulnerability scans mandated by the Payment Card Industry (PCI) Data Security Standard (PCI). The report provides automated capabilities to determine if the potential vulnerabilities reported by vulnerability scanning can be actually exploited and enables security professionals to identify major risks that must be addressed to achieve PCI certification. The software interoperates with eight of the leading open source and commercial scanners, providing the industry's broadest support for third-party vulnerability scanners.
  • Client-Side Penetration Test and User Reports provides a full audit trail of each attack, including the email template sent, exploit launched, test result and details about compromised systems. The User Report details which links were clicked during a Client-Side test, when they were clicked, and by whom.
Information & Security Management Analysis
We'll help you improve your security posture, assess and manage risk, in areas of administrative, technical, and physical safeguards. The analysis verifies security is being done right at the operational level. We'll assist in identifying client's status to federal regulations, ensure written documentation exists regarding network security and identify client's consensus to the list of top Internet security vulnerabilities.

Policy Review: A complete review of current policies and procedures are a part of the analysis process that includes Incident and Response plan and Disaster Recovery, and Risk Assessment.

Policies, Procedures, and Awareness Review
DM TechSecure utilizes confidential questionnaire information, personal interview information, and information from the business' current policies to provide a detailed Network Policies and Procedures manual. The manual provides 36 content items and 85 pages of customizable network security policies and procedures for the client. Recommendations for improving and building upon current Network Policies & Procedures for the client will be made to improve upon current system.

Addition Social Engineering Services
DM TechSecure will visit facilities to test the physical security of the site.
DM TechSecure will call into facilities in an effort to obtain confidential information.

Vulnerability and Progress Assessment
Targeted reporting includes:
  • Executive status report: highlights how the most important vulnerabilities are being addressed.
  • Vulnerability details: presents all existing vulnerabilities by device, specifying repair schedules and responsibilities.
  • Vulnerability frequency - current: provides details on each type of vulnerability currently existing on the network.
  • Network Vulnerability Summary - Executive Report
    - Severity Level Distribution
    - Top 10 Vulnerabilities by Host
    - Top 10 Most Common Vulnerabilities
    - Vulnerability Distribution by Host
  • Vulnerability Count by OS Distribution




      © 2008 | Webmaster | Call us today at 573-874-3838 or email dmarshall@dmtechsecure.com