Penetration Testing and Ethical Hacking

HIPAA One® is owned by Modern Compliance Solutions, Inc. (MCS). MCS is an information security assurance and consulting firm. Our specialties include penetration testing, vulnerability assessment, application architecture review, white box web application security assessment and HIPAA risk analysis.

MCS is a newly-founded venture that has the drive and determination to succeed in this dynamic and ever-changing market. The members of our team have many years of experience in this industry and have realised numerous projects, both individually and as leaders of larger teams. Having identified the needs and requirements of an industry driven by innovation and cutting-edge technology, MCS was founded to address these needs and establish itself as one of the leading companies in this sector.

Our team members have undertaken numerous projects in the following fields:

  • OWASP ASVS Certification
  • Web Application Penetration Testing
  • System and Network Penetration Testing
  • VoIP Penetration Testing
  • Vulnerability Assessment
  • Application Security Assessment (Technical, Operational and Organizational level)
  • Risk Assessment
  • Source Code Review
  • Business Impact Assessment
  • Data Classification
  • Gap Analysis (against ISO27001, PCI-DSS, Sarbanes-Oxley 404/PCAOB AS5 & AS12 Appendix B, best practices)
  • HIPAA Security Risk Analysis
  • PCI-DSS preparation / pre-assessment

A penetration test performed by an international team of penetration testers and security experts will simulate attacks from an outside and unauthenticated user-account perspective, including participants, coaches and administrators.

A typical penetration test project comprises the following steps:

  1. Sign a waiver that includes the systems, applications and activities in scope.
  2. Perform the front-line ethical-hacking/penetration testing at night over a several-week period.
  3. Manually open any weaknesses or vulnerabilities to get past the front-line barriers into the portal’s data.
  4. Optional denial-of-service attacks, if the relevant attack surface is identified, can be requested and then scheduled for one of the above evenings.
  5. Critical vulnerabilities will be disclosed immediately during the course of the project for immediate remediation.
  6. Permission for any identified attacks involving custom code execution or that may result in denial of service will be requested and only executed with the express permission of management.
  7. In addition to scan output reports and a description of how we compromised the system, we deliver an intelligent Executive Summary report tabulating high-risk vulnerabilities, recommendations and next steps.