Penetration Testing
The best way to measure your current security level is studying how it can be hacked. As a Penetration testing company, we offer a safe way to test your business resilience to external or internal hacking attempts.
Our skilled, CREST certified, ethical hackers, are trained to identify any vulnerabilities and see how you fare against industry best practice.
Penetration tests are an important part of a full security audit. Our services cover all aspects of organisational security, such as your IT infrastructure, web applications, social engineering and Mobile Device Management.
What are the different types of Penetration Test we offer?
An external penetration test assesses the public facing infrastructure and the services hosted on them for vulnerabilities with the goal of compromising those systems or breaching the perimeter if the target uses a VPN service for remote employees.
Publicly available information relating to the target business/organization will be utilized to aid the penetration tester just as a real-life attacker would.
Internal penetration tests can be performed from two main perspectives.
The first is to simulate an attacker who has gained a foothold on your internal infrastructure by any means but does not have valid credentials for any service on the network (black box).
The second is to simulate an attacker who has managed to gain access to a workstation via any remote services or a successful phishing campaign and will start with valid credentials on the network (grey box).
The purpose of the penetration tester is to try to escalate privileges on the network and gain unauthorised access to services and systems with the aim to access potentially sensitive information.
Wireless testing is designed to detect and exploit vulnerabilities in security controls used by wireless technologies and standards, targeting for example misconfigured wireless devices, and rogue access points.
Web application penetration testing is the process of using penetration testing techniques on a web application to detect and attempt to exploit its vulnerabilities. The penetration tester simulates attacks such as using SQL injection tests.
It’s used on specific web applications that are exposed to either public facing or internal facing audiences where the data held in the web app is deemed to be sensitive and in need of protection.
Penetration testing engagements can include social engineering where the tester will assume the role of a made-up entity to try and gain information or access to systems via a crafted email or phone call.
Social engineering will usually require a day of extra time to develop a pretext before sending any emails or calls. This is where information specifically relating to internal business relationships or employee details are used to create a convincing enough social engineering attack.
Red Teaming is a full-scope, multi-layered attack simulation and has a wider scope than just technology, it also includes people, processes and physical security.
Examples include attempting to gain unauthorised access to premises and server rooms. Red Team assessments are more targeted than penetration testing, with the goal being to test the organisation’s detection and response capabilities
Penetration Testing Articles
Introducing SALUS
SALUS is our innovative portal which aims to transform the Penetration Testing scheduling and management process for larger organisations.
If you are an organisation that needs to conduct several large-scale Penetration Tests a year, and you are looking for a portal that provides you transparent pricing, quick turnarounds, FREE re-tests and live access to progression then look no further.