What is Penetration Testing
A penetration test (pen test) is a real-world assessment of the security vulnerabilities within a defined area of an organisation’s infrastructure and systems.
It attempts to give a realistic view of what a malicious user would be able to accomplish. Vulnerabilities are identified and exploited to gain access to systems, retrieve sensitive data and compromise security mechanisms.
Penetration testing and security audits are vital in ensuring that the controls you have in place to protect your company data and assets are effective. Testing often reveals that the technologies, procedures and processes an organisation considered effective were misconfigured, inappropriate or not actually in place at all.
A Penetration Test will:
Assess the feasibility of an attack and the potential risks from such an event taking place.
Demonstrate what a hacker / malicious user would be able to achieve.
Explain the business impact of the vulnerabilities being discovered and exploited by a malicious user.
Expose issues which an automated scanner would not always identify.
Cover logic-based applications (e.g. web applications) in depth from a user’s perspective.
We can now guide you through the scope of your penetration test
We will discuss which type of testing (black, white or grey box) you should select to meet your objectives.
All testing will follow the industry-standard process of the Open Source Security Testing Methodology Manual (OSSTMM), or that of the Open Web Application Security Project (OWASP) for web application related tests.
For customers with defence contracts or ‘secret’ data, it will be a requirement when selecting your Security Partner that you choose a Government accredited pen testing company such as ourselves. These companies are known as CHECK ‘Green Light’ Companies.
External Network Layer Test – a blind (black box) pen test of your external / public IP addresses.
External / Web Application / Web Services Test – a focused penetration test of a web application / site. This can be carried out on a variety of applications, e.g. company website; intranet; Citrix; company hosted sites; externally hosted sites.
Internal Infrastructure Test – any business device can be included as part of an internal test, e.g. servers; desktops; laptops; Wi-Fi; VoIP; BES; mobility devices such as tablets.
We can offer all types of penetration testing, including advanced persistent threat (APT) testing through to social engineering, cloud pen testing and full security audits.