Network Penetration Testing Services

The Village of Ossining, New York is seeking network penetration testing services to assess and secure its public-facing perimeter. The agency needs authorized testing across all Village locations, covering all externally reachable Village-owned IP addresses, internet-facing services, web applications, remote access portals, VPN endpoints, and externally hosted services operated on behalf of the Village. This testing must include reconnaissance, service and version enumeration, vulnerability identification, authenticated and unauthenticated exploitation attempts where authorized, password attacks against exposed authentication interfaces, and validation of identified findings. The agency also requires social engineering testing of Village personnel to assess susceptibility to phishing, pretexting, and similar techniques. All findings, evidence, captured data, screenshots, credentials, and reports must remain the confidential property of the Village. The agency is establishing a contract period of two years for these services. The agency limits eligibility to onshore organizations based in the United States. The selected vendor must perform all work offsite. The agency has not disclosed a specific budget and is looking for cost proposals. Bidders must submit all questions no later than June 4, 2026.