Penetration Testing

What is a Penetration Test?

Penetration testing is an attempt to discover the existing vulnerabilities in the network system, website application or improper configuration before an attacker could exploit. Penetration test is either done automatically using software or done manually by a skilled professional.

  • Our penetration test is performed to identify the possible entry points.
  • It is also helpful in validating the efficacy of defensive mechanisms, as well as, end-user adherence to security policies.
  • We not only discover the vulnerabilities but our reports will also include personalized information of how to fix the flaws which are detected

Penetration Testing Methodologies


Black Box Penetration Test

We judge the clients network from the hacker point of view to understand how they can penetrate in the network without the required identification.


Gray Box Penetration Test

This is different from black box as in this test partial information about the credentials a is provided by the client to perform a sophisticated analysis of login-logout functions and screens across various applications and network


White Box Penetration Test

Unlike the above two tests in white box the complete information of the credentials is provided by the client. The automated tools are used to identify the vulnerabilities

Penetration Testing Standards

LPT(Licensed Penetration Tester methodology from EC-Council)
WASC-TC (Web Application Security Consortium Threat Classification)
OSTTMM (Open Source Security Testing Methodology Manual)
PTF (Penetration Testing Framework)
OWASP (Open Web Application Security Project)
OISSG (Information Systems Security Assessment Framework)
ISSAF (Information Systems Security Assessment Framework)
NIST SP800-115 (Technical Guide to Information Security Testing and Assessment)

Main Types of Penetration Tests

Virtual Penetration Test

  • Testing of frontal servers & applications
  • Testing of websites & web applications
  • Firewall/IDS/IPS bypass testing
  • Testing of VOIP infrastructure

Physical Penetration Test

  • Malicious employee activity simulation
  • Privilege escalation attack simulation
  • Security testing of wireless networks
  • Social Engineering attack simulation
  • Phishing attack simulation

Penetration Test Reporting

We provide complete report after the tests are completed. The reports are sent to two different departments

Reports sent to the Management

  • Executive project review
  • Elucidation about discovered risks which may impact the business
  • Estimation of financial loses or other consequences in case of flaws and weakness found during the penetration test
  • Implication of additional IT budget and investments to strengthen IT security and vulnerability patching

Reports sent to IT department

  • Executive project review
  • Detailed information about the methodologies and techniques used during the project.
  • Risk level and technical depiction of weakness and vulnerabilities
  • Tailored recommendation for each weakness and vulnerabilities
  • Implication on strengthening the IT policies and infrastructure

How To Find Us



702, 7th Floor, Shalimar Morya
Park, Off Link Road,
Andheri West, Mumbai,
Maharashtra - 400053
T: +91-2249179999

United States

New Jersey

Avalance InfoCom LLC.
3, Barbara Place,
Edison, NJ - 08817

About Avalance

Avalance is the largest critical infrastructure security solutions company in india. Avalance is dedicated to helping business, governments and educational institutions run more effective information security programs.  Read More