Penetration Testing, sometimes referred to as Ethical Hacking, is used to test an organisation's security risks. Penetration Testing can be carried out on your Physical Infrastructure, Networks and Web Applications.
Penetration Testing is an exercise to identify vulnerabilities which could be present in an Information System, Network, Application or the Organization's overall Information Security Posture.
Tests are authorized and carried out by our skilled professionals using techniques that real-world attackers may use.
Testing demonstrates the weaknesses and how they can be exploited and, importantly, provides guidance on how to reduce the associated risk. Testing can also identify the organization's ability to respond to an incident. Our testing is carried out by our experienced professionals.
Purpose of Penetration Testing
There are many reasons why an organization may wish to commission a penetration test. These include:
- To identify risks or confirm risk scenarios
- To gain assurance on security prior to deploying or procuring a new system/service
- To provide assurance to customers and/or business partners about the security of a system/service
- To demonstrate due diligence and due care regarding security risk
- To comply with legal, regulatory and contractual requirements
  - PCI DSS requirement 11.3, environment: the entire cardholder data environment (CDE).
- Vulnerability assessment scans a network for known security weaknesses.
- Vulnerability scanning tools search network segments for IP-enabled devices and enumerate systems, operating systems, and applications.
- Vulnerability scanners can test systems and network devices for exposure to common attacks.
- Vulnerability scanners can identify common security configuration mistakes.
Rules of Engagement
Penetration testing involves using techniques used by attackers, and some basic rules of engagement must be followed to stay legal and meet expectations:
- Ensure the scope is clear, detailing exactly what tests will and will not be carried out and the times and dates of such tests
- Never carry out tests outside of this scope under any circumstances
- Always have formal written permission from the correct authority before conducting any form of testing
- We always report any major finding to the client immediately and await the response; a report should never contain surprises
Our Penetration Testing services include:
- Website & Application Penetration Testing
- Web Server Penetration Testing
- Web Services Testing
- External Infrastructure Penetration Testing
- Firewall Penetration Testing
- PCI DSS Penetration Testing
- Network (on-site) Penetration Testing
- Server Security Audits
- Wireless Penetration Testing
- Mobile Application Penetration Testing
- Laptop & Workstation Penetration Testing
- Social Engineering Services
Meeting Your Requirements
Once the testing schedule has been agreed, we set to work identifying issues and vulnerabilities. Often, we have objectives that our customers have provided, such as understanding whether sensitive data can be accessed from the public Internet. Test results are continually reviewed to provide further clues on identifying weaknesses. Penetration Testing is very much a manual exercise performed by experienced people.
We offer a Vulnerability Assessment Service; this may include a one-time assessment or a management service.
On completion of the assessment we will provide a full, detailed report.
Vulnerabilities that may be identified:
- Weak passwords.
- Software bugs.
- Out of date patching.
- Computer viruses or other malware.
- Script code injection.
- SQL injection.