Virtual Desktop Penetration Testing

Virtual desktop penetration testing identifies vulnerabilities that enable unauthorized access to the OS through desktops published via virtualization platforms such as VMware or Citrix.

Improve Network Security

Virtual desktop pentesting reduces organizational risk and improves network security

As the number of remote workers increases, managing physical workstations becomes more challenging. So, many companies provide remote desktop access through virtualization platforms such as Citrix and VMware. These platforms make it easy for remote employees, partners, and vendors to access what they need with less overhead cost and management. However, with ease of access comes security risks that differ from corporate laptops.

During virtual desktop penetration testing, NetSPI identifies vulnerabilities that provide unauthorized access to the operating system through desktops published via virtualization platforms. Additionally, NetSPI reviews the system configuration to identify vulnerabilities that could be used to break out of Citrix or VMware, escalate privileges, pivot into your internal network environment, or exfiltrate sensitive data.

Our penetration testers find 20% more vulnerabilities by using our Resolve™ platform and proven methodology.

Virtual Desktop Penetration Testing Service

NetSPI tests your virtual desktop hosted internally or in a virtualized environment. Our approach to virtual desktop pentesting provides a security assessment of server-side controls, data communication paths, and potential client-related issues. We employ manual and automated pentesting processes using commercial, open source, and proprietary software to evaluate your virtual desktops.

Breakout Testing

During a Citrix breakout test or VMware breakout test, NetSPI identifies configurations that allow an attacker to bypass virtual desktop restrictions, exfiltrate data, or access assets on the internal network.

  • Virtualization platform vulnerabilities and configurations
  • Virtual desktop configurations
  • Ingress configurations
  • Egress configurations

Powered by Resolve™

Virtual desktop pentesting engagements are managed and delivered through Resolve, NetSPI’s vulnerability management and orchestration platform. Resolve elevates your vulnerability management and pentesting program.

Pentesting Research and Tools

Learn about penetration testing on our blog, our open source penetration testing toolsets for the infosec community, and our SQL injection wiki.