• Solutions
  • Overview
  • Network Security
    • Vulnerability Scan
    • Penetration Testing
  • Government
    • SCAP
    • FISMA
    • CAG 20
  • Industry Compliance
    • PCI
    • HIPAA
    • SOX
    • COPPA
    • GLBA
    • NERC
  • Consultants
  • Enterprise
  • Small Business
• Products
  • Overview
  • Software
    • SAINT® scanner
    • SAINTexploit^TM
    • SAINTmanager^TM
    • SAINTwriter®
  • On Demand SaaS
    • WebSAINT PRO^SM
    • WebSAINT®
  • Appliances
    • SAINTbox^TM
    • SAINTstick^TM
• Services
  • Overview
  • PCI Compliance
  • Vulnerability Assessment
  • Penetration Testing
  • Web App. Assessment
• Customers
  • Overview
  • Case Studies
  • Testimonials
• Support
  • Overview
  • Technical Support
  • Certification Training
  • Videos
• Resources
  • Overview
  • Literature
  • Request Demo
  • Request Evaluation
• Partners
  • Overview
  • SAINT Partners
  • Contact Partners
• Company
  • Overview
  • Contact Us
  • News
  • Events
  • Careers
  • Management

• Solutions Overview

Network Security –

• Vulnerability Scan
• Penetration Test

Government Compliance –

• SCAP
• FISMA
• CAG 20

Industry Compliance –

• PCI
• HIPAA
• SOX
• COPPA
• GLBA
• NERC

 

• Solutions for Consultants
• Enterprise Solutions
• Small Business Solutions

 

 

 

 

 

 

 

 

 

 

Penetration Test Solutions – SAINTexploit™

Penetration testing solutions from SAINT are designed to simulate both internal and external real-world attacks. This type of testing is valuable to any organization’s information security program by identifying the methods of gaining access to a target and understanding the techniques used by attackers. There are many levels and types of penetration testing and the scope of the project should be well defined in order to meet your goals. SAINT’s experience and technology with heterogeneous infrastructures provides customers the flexibility of testing the entire network or a subset. Targets included in the scope could include popular protocols, network devices, databases, Web applications, desktop applications, and various flavors of operating systems.

Many organizations are now performing their own penetration testing with internal staff rather than using third party assessors; this reduces costs and allows more frequent testing. Based on years of vulnerability and exploitation experience, SAINT Corporation developed the SAINTexploit penetration testing tool. It is integrated with SAINT's vulnerability scanner allowing customers to exploit a vulnerability discovered by the scanner to confirm its existence without a doubt. Advanced users can also add their own exploits, modify existing exploits, and use SAINT's post-exploitation tools.

SAINT focuses on the development of exploits where a shell can be established. A shell, or shellcode, is where all exploits included in our product offer a command shell/direct connection to the target from the computer performing the testing. Exploits target operating systems, desktop applications, databases, Web applications, protocols, and network devices. The most common exploit types included in SAINTexploit include the following:

• Remote Exploit – These attacks are launched across the Internet or network against a vulnerable target without the user having previous access to the system.
• Client Exploit – The victim must access the attacker’s resource for a successful attack to take place. Common client exploits include e-mail forgery attacks, enticing the user to visit a Web site, or to open a file.
• Local Exploit – In order to launch a local attack, the attacker must have previous access to the victim. (Also known as privilege elevation and tunneling within the SAINTexploit product.) In this case, the victim's machine is used as the launch pad for connecting to other vulnerable targets.

The SAINTexploit penetration testing product is offered as a software download, SaaS cloud service, pre-configured appliance, or as a pre-configured USB drive. The product is integrated with the SAINT vulnerability scanner, and SAINTwriter— the report writing tool.

 

Copyright © 2010 SAINT Corporation. All Rights Reserved.