Penetration Testing

Penetration Testing

Penetration Testing

 

Penetration Testing is sometimes referred to as Ethical Hacking  is used to test organisation security risks.  We can test your Physical Infrastructure, Networks and Web Applications.

Penetration Testing is an exercise to identify vulnerabilities which could be present in an Information System, Network, Application or the Organisations overall Information Security Posture Tests are authorised and carried out by our skilled professionals using techniques that real world attackers may use.

Testing demonstrates the weaknesses, how they can be exploited and importantly provides guidance on how to reduce the associated risk.

Testing can also identify the organisations ability to respond to an incident. Our testing is carried out by our  experience Professionals  

Purpose of Penetration Testing

  • There are many reasons why an organisation may wish to commission a  penetration test, these include:

  • To identify risks or confirm risk scenarios

  • To gain assurance on security prior to deploying or procuring a new system/service

  • To provide assurance to customers and/or business partners about the security of a system/service

  • To demonstrate due diligence and due care regarding security risk.

Vulnerability Assessment

 

  • Vulnerability assessment scanning of your  network for known security weaknesses.

  • We use  scanning tools search network segments for IP-enabled devices and enumerate systems, operating systems, and applications. These  scanners can test systems and network devices for exposure to common attacks.

  • Furthermore can identify common security configuration mistakes.

Rules of Engagement

  • Penetration involves using techniques used by attackers and some basic rules of engagement must be followed to stay legal and meet expectations:

  • Ensure the scope is clear detailing exactly what tests will/will not be carried out and the times and dates of such tests

  • Never carry out tests outside of this scope under any circumstances

  • Always have formal written permission from the correct authority before conducting any form of testing

  • We always report immediately to the client any major finding and await the response, a report should never contain surprises

Services 

  • Website & Application Penetration Testing

  • Web Server Penetration Testing

  • Web Services Testing

  • External Infrastructure Penetration Testing

  • Firewall Penetration Testing

  • PCI DSS Penetration Testing

  • Network (on-site) Penetration Testing

  • Server Security Audits

  • Wireless Penetration Testing

  • Mobile Application Penetration Testing

  • Laptop & Workstation Penetration Testing

  • Social Engineering Services

 

Meeting Your Requirements

Once the testing schedule has been agreed we set to work identifying issues and vulnerabilities. Often, we have objectives that our customers have provided – such as understanding whether sensitive data can be accessed from the public Internet.

Test results are continually reviewed to provide further clues on identifying weaknesses. Penetration Testing is very much a manual exercise performed by experienced people.  We offer Vulnerability Assessment Service this may include a one time assessment or management service.  

On completion of the assessment we will provide a full, detailed report.  Vulnerabilities that may be identified:

  • Weak passwords.

  • Software bugs.

  • Out of date patching.

  • Computer viruses or other malware.

  • Script code injection.

  • SQL injection

Get a quote:

privacy statement  

 

Subscribe To Our Newsletter

Enter your email to receive a weekly round-up of our best posts.