Pentagon Penetration Testing


MCH provides appropriately cleared subject matter expert personnel that provide team lead services under a subcontract to support the OSD’s Pentagon JSP Cyber Security Center.
The services performed include extensive use of commercial and non-commercial testing tool, manual penetration testing performed by individual analysts, source code reviews, testing tool development, and extensive report production.

Under our staff’s leadership the production volume of web application vulnerability assessments has increased by 400% with higher levels of quality and consistency of output.

The staff working under the contract have attained a variety of required certifications in addition to over twenty (20) years of IT experience and over ten (10) of cyber security experience each. These certifications include EC Council Certified Ethical Hacker (CEH), GIAC Web Application Penetration Tester (GWAPT), and GIAC Secure Software Programmer (GSSP).

MCH Corporation is supporting the prime contractor L3/CACI National Security Solutions.



Office of Secretary of Defense (OSD), Joint Service Provider Program (JSP), Cyber Security Center (CSC)


Pentagon/Mark Center, Alexandria, VA


MCH’s staff uses HP Fortify and Checkmarx for source code scanning as well as reviews code manually.

MCH’s staff uses IBM AppScan, Tenable Nessus, Trustwave App Detective, and HP Web Inspect to perform automated scanning.

MCH’s staff performs penetration testing with Burp Suite Pro and a wide variety of other tools found on Kali Linux, as well as others.

MCH’s staff produces complete assessments with scored findings and remediation recommendations.

MCH’s staff utilizes Remedy and SharePoint to manages assignments and workflow.

MCH’s staff uses a number of development environments and source code control systems such as Visual Studio 2016/13/12/10/v6, IntelliJ, Eclipse, Git, Subversion, and others.