Penetration Testing Services
AT&T Penetration Testing Service provides organizations with a functional test of the network and application controls that help to secure their operations and data.

Why penetration testing with AT&T Cybersecurity Consulting?
Our solutions are tailored to meet your risk assurance objectives
Features of AT&T Penetration Testing Service
Tailored to your environment and attack surface
Features
Details
Flexible engagement models
Our engagement management team works collaboratively with each client to ensure that the assessment timing, rules of engagement, and communication processes align with customer expectations.
Based on standards, informed by experience
The team keeps up to date on developments in testing standards, such as those published by NIST, OWASP, and MITRE, to make sure our testing methodologies reflect current best practice developments. We draw upon the collective experience of our testing teams to identify unique or emerging practices to find and exploit vulnerabilities.
Social engineering
Assess the security awareness and general security controls with respect to human manipulation; including email, phone calls, media drops, and physical access.
External penetration tests
Identify and exploit vulnerabilities on systems, services, and applications exposed to the Internet.
Web application assessments
Assess web or mobile applications for vulnerabilities that can lead to unauthorized access or data exposure.
Internal penetration tests
Simulate a malicious insider or an attacker that has gained access to an end-user system, including escalating privileges.
Test drive the AT&T Managed Vulnerability Program
Offers vulnerability, asset and patch management as well as threat and risk prioritization in one solution.
Get started ⟶
FAQ
AT&T Cybersecurity Consulting offers Network Penetration Testing, Application Penetration Testing, Wireless Penetration Testing, and Social Engineering.
AT&T Cybersecurity Consulting performs vulnerability exploitation using a variety of techniques, depending on the nature of the vulnerabilities. Our experts utilize open source technology and some commercial products to mimic tools, techniques, and procedures of malicious hackers.
Yes, it can be performed both on site and remotely. Remote testing can be done using the Remote Internal Pen-Test (RIPT) device.
Based on the scope of the project and size of the environment, AT&T Cybersecurity Consulting will estimate an expected duration of time to completion. On average, penetration testing takes 1-3 weeks.
The Vulnerability Scanning phase of the penetration test is conducted using automated tools. Next, AT&T Cybersecurity consulting manually confirms the results from the automated tools. Manual testing is done for discovery and elimination of false positives, verification of scan results, and identification of complex, emerging, or obscure vulnerabilities.
The first phase is Intelligence Gathering, in which the objective of this first phase is to gain as much knowledge as possible about the target environment. The second phase is Vulnerability Scanning, which is done to identify hosts, services, and vulnerabilities in the target environment. In the next phase, Manual Verification, AT&T Cybersecurity Consulting manually validates the results of the automated tools. Next is the Vulnerability Exploitation phase in which exploits are attempted against the identified vulnerabilities. In the final phase of Analysis and Reporting, the findings are analyzed and documented.
A scoping questionnaire will be provided to client to begin the scoping process. There is a different questionnaire for each penetration testing service (Application Penetration Testing, Network Penetration Testing, Social Engineering, Wireless Penetration Testing).
AT&T Cybersecurity Consulting does not intentionally cause a disruption of service. The intrusiveness of the penetration test as well as time window (business hours, off business hours) is flexible and discussed with the client.
Vulnerability testing determines the extent to which critical systems and sensitive information are vulnerable to compromise or attack. Penetration testing takes a step further to exploit the vulnerabilities identified in order to gain access to critical systems, sensitive information, or a specified trophy. While automated vulnerability scanning can help you identify security flaws, it can’t help you evaluate the strength of your organization’s security controls against a human attacker.
AT&T Cybersecurity Consulting can perform the penetration test on site, or remotely using the Remote Internal Penetration Testing (RIPT) device which will be shipped to the customer to connect to their network.