Penetration Testing

What is a Penetration Test?

A penetration test (pen test) is a real-world assessment of the security vulnerabilities within a defined area of an organisation's infrastructure and systems. It attempts to give a realistic view of what a malicious user would be able to accomplish. Vulnerabilities are identified and exploited to gain access to systems, retrieve sensitive data and compromise security mechanisms.

Penetration testing and security audits are vital in ensuring that the controls you have in place to protect your company data and assets are effective. During testing, it is often discovered that the technologies, procedures and processes an organisation considered effective were either misconfigured, inappropriate or not actually in place at all.

A Penetration Test will:

Assess the feasibility of an attack and the potential risks from such an event taking place.

Demonstrate what a hacker / malicious user would be able to achieve.

Explain the business impact of the vulnerabilities being discovered and exploited by a malicious user.

Expose issues which an automated scanner would not always identify.

Cover logic-based applications (e.g. web applications) in depth from a user’s perspective.

We can now guide you through the scope of your penetration test.

Testing Strategy:

We will discuss which type of testing (black, white or grey box) you should select to meet your objectives.

Testing Methodology:

All testing will follow the industry-standard process of the Open Source Security Testing Methodology Manual (OSSTMM), or that of the Open Web Application Security Project (OWASP) for web application related tests.

Testing Type:

External Network Layer Test – a blind (black box) pen test of your external / public IP addresses.

External / Web Application / Web Services Test – a focused penetration test of a web application / site. This can be carried out on a variety of applications, e.g. company website; intranet; Citrix; company hosted sites; externally hosted sites.

Internal Infrastructure Test – any business device can be included as part of an internal test, e.g. servers; desktops; laptops; Wi-Fi; VoIP; BES; mobility devices such as tablets etc.

Testing Partner:

For customers with defence contracts or ‘secret’ data, it will be a requirement when selecting your Security Partner that you choose a Government accredited pen testing company such as ourselves. These companies are known as ‘CHECK Green Light’ companies.

Testing Specialism:

We can offer all types of penetration testing, from advanced persistent threat (APT) testing through to social engineering, cloud pen testing and full security audits.

Other Services:

In addition to ‘Pen Testing’, our highly experienced Security Consulting Team are also able to offer the following security services to help protect and secure your business:

Incident Response planning

PCI Compliance consultancy

Security Awareness training

Risk Management consulting

Vulnerability Assessment

Application Assessment

Malware Analysis

Forensics Labs