CDW Services / Risk Advisory / Penetration Testing
Penetration Testing
Amazing happens when your organization is protected.
CDW’s team of tenured penetration testers can help you uncover vulnerabilities in your environment before malicious actors exploit them.
Penetration Testing Overview
What is penetration testing?
Penetration testing involves simulating real-world attacks to find vulnerabilities before malicious actors exploit them. Think of it as hiring ethical hackers to see where your defences might crumble. It helps uncover hidden weaknesses, boosts overall security and ensures your sensitive data stays protected.
Penetration testing options
We have one of the most robust penetration testing teams in Canada, and we can tailor our service to your organization's needs.
- Infrastructure Pen Testing
- Application Pen Testing
- Adversarial Simulation
- Social Engineering
Infrastructure Penetration Testing
During these assessments, CDW’s penetration testers play the role of real-world attackers by targeting your critical information assets. While some vendors rely primarily on automated vulnerability scanning, CDW’s expert team also incorporates their comprehensive understanding of business networks and systems during their manual testing to provide a more holistic testing approach. CDW’s infrastructure penetration testing services consist of:
CDW’s infrastructure penetration testing services consist of:
- External Network Penetration Testing
- Internal Network Penetration Testing
- Cloud Network Penetration Testing
- Wireless Network Penetration Testing
- Security Compliance Validation Testing
- Operational Technology (OT) Penetration Testing
Application Penetration Testing
An application penetration test from CDW can identify and help you understand your risk of exposure in your applications. Our assessments leverage dynamic application security testing (DAST) and/or static application security testing (SAST) methodologies to uncover security vulnerabilities in your applications. These assessments will help you to better understand your security posture and test your readiness to withstand and respond to real-world cyberattacks.
CDW’s application penetration testing
services consist of:
- Web Applications
- Application Programming Interface (API) Endpoints
- Mobile Applications – iOS and Android
- Thick Client Applications
- Secure Source Code Review
Adversarial Simulation
CDW’s penetration testing team will simulate the techniques and tradecraft of real-world cyberattackers that relate directly to your environment and assessment concerns. These assessments highlight both the risks and impacts associated with a specific attack scenario or campaign and aim to identify critical technical gaps as well as the detection and response capabilities of an organization.
CDW’s adversarial simulation assessments include:
- Scenario-Based Penetration Test
- Purple Team Exercise
- Red Team Assessment
Social Engineering
Performing a social engineering assessment will help understand how effective security awareness training and procedures are in preventing threat actors from getting valuable corporate information directly from your employees.
CDW’s social engineering services consist of:
- Email Based Phishing
- Phone-Based Attacks (“Vishing and SMShing”)
- Onsite Physical Social Engineering
- Open-Source Intelligence (OSINT) Gathering
Learn More
Our penetration testing approach
Testing methods
Depending on the specific objectives of your business, we offer several methods of testing:
- Zero-knowledge testing: Testing with no prior information about the target, network or application
- Partial-knowledge testing: Testing with some information about the target, network or application
- Full-knowledge testing: Testing with full information about the target, network or application
The industry standards we use
We use industry best standards for performing penetration tests:
- Open web application security project (OWASP) testing guide: Standard utilized for web application vulnerability assessments and penetration tests
- OWASP mobile top 10: Standard utilized for mobile vulnerability assessments and penetration tests
- Penetration testing execution standard (PTES): Standard utilized for intelligence gathering, social engineering, wireless and network penetration tests
- NIST technical guide to information security testing & assessment (sp800-115): Used as a general approach for conducting security testing and assessments
- MITRE ATT&CK Framework: Development of specific threat models and methodologies
What we deliver
We provide a report with a summary of the penetration testing activities conducted.
The report includes:
- An executive summary of results
- Testing methodologies, phases and tools utilized
- Detailed vulnerability findings, recommended solutions and effort required for remediation
- Activity description of attack scenarios or exploitation
- An optional presentation of the critical vulnerabilities and findings
New to penetration testing?
A targeted attack penetration test (TAP) is a great option if your company is new to penetration testing.
CDW’s targeted attack penetration test focuses on evaluating and exploiting common attack paths found in your environment. Our security team will work to explore your potential risk exposure and provide recommendations on how to remediate the findings identified during the test. Evaluating your organization’s defences against common tactics will enable you to meaningfully improve your organization’s security posture and help you prepare for future security events.
Our Security Process
Why CDW for penetration testing?
Manual Approach
We don’t simply run an automated tool and generate a report; we put a lot of effort into emulating how a threat actor would want to get into your network.
We’ll Keep on Testing
If we manage to compromise the environment, we won’t stop there; we will take a step back and look for every possible way to achieve the same objective.
We Consider Your Organization
We understand that every organization has unique critical assets. We focus on what is most important for you while performing the test.
Depth of Experience
Extensive experience conducting network and infrastructure penetration tests in complex and highly sensitive environments.
Breadth of Experience and Knowledge
We’ve done testing in all industry verticals across Canada and bring you the knowledge of all our resources.
Security Experts
Our consultants have experience in aiding different-sized organizations, meaning we can help design security controls and processes that are tailored to your organization.
Numbers that reflect our experience performing penetration tests
400+
Over 400 customers have benefited from our comprehensive penetration testing exercises.
20,000+
More than 20,000 vulnerabilities identified and exploited during our penetration tests.
50,000+
Over 50,000 simulated phishing emails sent to assess user awareness.
Thousands
of penetration tests conducted by CDW's expert offensive security team.
Contact Us
Book Your Penetration
Test Now
CDW has conducted thousands of penetration tests and specialized in cybersecurity for over 15 years; contact one of our consultants to discover your environment's vulnerabilities and how you can remediate them.
Ways to reach us: