Penetration Testing Services

MainNerve provides comprehensive cybersecurity solutions to help companies identify organizational weaknesses the same way an attacker would—through hacking.

Minimize the risk associated with your IT assets by finding, tracking, and prioritizing vulnerabilities.


External Network Penetration Testing

MainNerve identifies and examines vulnerabilities for external, Internet-facing systems to determine whether or not they can be exploited by a malicious attacker to compromise targeted systems, or used to gain access to sensitive company information.

Internal Network Penetration Testing

MainNerve identifies and examines vulnerabilities for internal, private systems (intranet architecture) to determine whether or not they can be exploited by a malicious attacker to compromise targeted systems, or used to gain access to sensitive company information.

Wireless Penetration Testing

MainNerve’s wireless penetration testing and assessment services evaluate the security of your business’ wireless implementations—from rogue or impersonated access points to key caching—and provide remediation recommendations.

SCADA Systems

MainNerve’s Supervisory Control and Data Acquisition (SCADA) testing and assessment services are designed to evaluate the security of your control systems and provide recommendations for remediating any existing vulnerabilities.


Web Application Penetration Testing

MainNerve’s web application penetration testing services are designed to evaluate the overall security of your web applications for internal users and external customers… and provide remediation recommendations for mitigation of security risks.

Mobile Application Testing

MainNerve’s mobile security testing covers a proven list of security concerns including: authentication, authorization, storage protection, session management, transport protection, error and exception handling, data validation, and more.

API Testing

MainNerve’s application programming interface (API) pen testing services are designed to discover, and assist with the remediation of, any access control and injection attack vulnerabilities. Our API testing services ensure the security of your applications data.


Security Risk Assessments

MainNerve’s security risk assessments help assess your organization’s information security posture in all key areas—from policies and procedures, to personnel security, and can incorporate testing assessments along with a remediation road-map.

HIPAA Risk Assessments

MainNerve’s HIPAA risk assessments can help you avoid brand-damaging and costly PHI breaches. We help you establish the necessary documentation to satisfy best practice and Meaningful Use requirements.

Testing Methods

MainNerve offers Gray Box testing for all Best Practice and HIPAA services and White Box testing for PCI compliance testing and scanning. Black Box testing or Red Team assessments are available upon special request.
The following is a summary of the different aspects of testing:

White Box

Full disclosure of the systems and networks prior to testing. In addition to the number of hosts and IP addresses, the client provides network diagrams, system roles, expected services, user-names (or similar), hostnames, and data flow diagrams. Other information may include segmentation controls, number/types of security controls (UTM, IDS/IPS), topology, and vulnerability listing (through previous vulnerability scans). A white box test is appropriate for PCI-related penetration testing.

Gray Box (Standard Testing Methodology)

Partial disclosure of the systems and networks to be tested. This includes the number of hosts, IP addresses, and possibly hostnames, if applicable. The client may elect to provide security information, such as, firewalls types and IDS/IPS controls.

Black Box

Having no knowledge of the client’s systems and networks prior to testing, this is often called a “red team” assessment. Detailed rules of engagement are confirmed and approved with the client during the discovery phase (and prior to exploitation) to ensure that any systems, domains, and networks are owned and/or controlled by the client. This type of test is typically the most expensive due to the multi-blended adversarial-based attacks performed.


At MainNerve, we are truly blessed with a talented team of cybersecurity experts and professionals. Our team comes from a background of protecting some of this nation’s most valued assets and have some of the most prestigious certifications the cybersecurity industry has to offer. And we bring that experience to the commercial world… If you’re looking for quality and affordable cybersecurity… the MainNerve cybersecurity team is the team to work with.

cisa cert
CEH cert
CISP cert
CTT cert
NET cert
Security cert
CPTE cert
GWAPT cert
ISO27001 cert
ISO20000 cert
Sprint logo
Sarasoa Logo
alaska railroad logo
magnum shooting center logo
Rocky Mountain bank and trust logo
wickedthink logo


Here at MainNerve, we intimately know our customers and partners. We focus on quality partnerships built through customized programs and personalized service. Simply put, we work hard to earn your business… and we add that “personal touch” lacking in many partner and customer relationships today. Our team works directly with our customers and partners to provide high-value cybersecurity solutions and compliance campaigns tailored to their business. We work with partners such as MSPs, complementary service providers, partners with large vertical networks, to compliment your existing relationships and revenue


Here at MainNerve, we offer a unique educational approach to cybersecurity and compliance based on over 48 years of combined experience on our team. Not only do we help companies with their cybersecurity and compliance needs… we also do everything we can to educate businesses on cybersecurity basics, as well as HIPAA and PCI compliance essentials. Our helpful blogs are just one way we strive to achieve this goal of educating our customers. MainNerve cybersecurity blog posts can provide you with quality information on cyber attacks, security breaches, data vulnerability, hardware security, malware, compliance issues, and much more.