Our methodology is grounded in the testing standards your auditors recognize: PTES, NIST 800-115, the OWASP Testing Guide, OSSTMM, and MITRE ATT&CK. We execute it the same way every time, so the quality of your engagement does not depend on which operator is assigned.
Below is the five-phase process every Sentinel Point Systems engagement follows. We start with scoping, we end with retest and remediation support, and we document every step in a way your team and your auditors can follow.
Every engagement starts with a conversation. We work with you to understand the environment, business priorities, threat model, and compliance obligations driving the assessment. Then we build a written scope and rules of engagement that everyone signs off on before any testing begins.
Statement of work, scope document, rules of engagement, communication plan, escalation contacts.
Authorization, target list or environment access, business context, key stakeholder contacts.
We map the in-scope attack surface using passive and active reconnaissance: OSINT, DNS analysis, exposed service enumeration, and authenticated information gathering where applicable. The goal is to understand the environment the way an adversary would before they ever throw a payload.
Passive OSINT, subdomain enumeration, port and service scanning, application fingerprinting, identity enumeration, user and account discovery.
Attack surface inventory, exposed asset list, candidate attack paths informed by the threat model.
This is where most firms stop and let scanners do the work. We do not. We validate every candidate finding manually, chain weaknesses into realistic attack paths, and demonstrate impact end-to-end. Where access leads to further access, we follow it (within scope) so you see the full chain rather than disconnected dots.
Manual validation, exploit chaining, business-logic abuse, post-exploitation evidence collection, and lateral movement within the agreed scope.
Mapped to MITRE ATT&CK, the OWASP Testing Guide, the PTES exploitation phase, and OSSTMM.
Reports are written for two audiences. Executives get a clear narrative of business risk, what we found, and what to do about it. Engineers get the technical depth they need: reproduction steps, screenshots, request and response captures, CVSS scoring, and prioritized remediation guidance.
Plain-English risk narrative, business impact, prioritized recommendations, compliance mapping.
Per-finding detail: reproduction steps, evidence, CVSS score, references, and fix paths.
Delivering the report is not the end. We host a debrief call with your engineering and security teams, answer remediation questions, and re-test all critical and high findings once you have fixed them. The goal is not just to find issues; it is to help you close them.
Findings debrief call with stakeholders, remediation Q&A, retest of remediated findings, updated final report.
Closed findings with evidence, audit-ready report, and a partner you can call the next time something needs testing.