PENETRATION TESTING

Penetration testing (also called pen testing) intention is to find any issues with security in computer system, network or web application that an attacker could use. Our experienced professional penetration testers, also known as ethical hackers, simulate an attack using same techniques as hackers would to find and exploit any weaknesses. This way you can fix any of the security issues before they can be exploited by someone with malicious intentions.

REQUEST A PENTESTING

HERE IS WHAT YOU GET

graph-04

Scoping the pen test

Talk to our experienced security team about your concerns. We’ll review your application and infrastructure with you, and create requirements for the best security test possible. For each test we assign a team with skills best suited to your application stack.

graph-03

Actionable reports

All findings are assessed and validated to ensure the report contains only issues with potential for real impact. Results will contain detailed description of how your team can reproduce and confirm the findings (crucial in order to fix them!). We’ll propose steps your team can do to address reported vulnerabilities.

graph-02

Supporting you all the way

Your team can collaborate directly with our security engineers on fixing the vulnerabilities.

graph-01

There when you need us

We can deliver penetration tests as frequent as you like. We will support you in building a pen test program that fits your needs.

Goals of a penetration test

  • Determine feasibility of a particular set of attack vectors.
  • Identify any vulnerabilities which are present, including any that are high-risk which result from a combination of lower-risk vulnerabilities exploited in sequence.
  • Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software.
  • Assess the potential business and operational impacts of successful attacks.
  • Test the ability of network defenders to detect and respond to attacks.
  • Justify increased investment in security personnel and technology.

Our services

Secure

We use “throwaway” Virtual Machines per test which will be destroyed after test. Making sure none of the findings or data we might have accessed during testing has any chance of leaking.

Collaborative

Get descriptions, screenshots and suggested fixes. Need more? Ask security engineers directly.

Our talent

Certified Researchers

We always include at least one certified security professional with a recognized certification on Pen Test engagements.

On Top Of The Game

Our security engineers keep their skills fresh and sharp as portion of their time is reserved for research and taking part in security challenges and training.

Our process

We use a mixture of automated and manual tests a real attacker would use. Driven by experience, curiosity and inquisitiveness our pen testers leave no stone unturned.

OUR PENETRATION TEST SERVICES

img1

Infrastructure testing

We believe that a secure infrastructure is the foundation for a cyber resilient organization. Our penetration testing specialists conduct both internal and external infrastructure testing of servers, workstations, domains, virtual environments, network devices as well as network segregation controls.

img2

Application testing

Many organizations rely heavily on applications to run their business. These are often the digital shopfront for an organization that can be accessed from anywhere in the world. Commonly this includes presenting information, providing functionality to staff or customers, or providing a backbone for all of the organization’s data processing needs.

img3

Build review

In addition to infrastructure and applications, the security of the underlying servers is key to preventing a compromise. However, should a compromise occur, hardening is important to ensure any breach is sufficiently contained and that an attacker cannot easily move any further around the system or infrastructure.

img4

Mobile application & device

Becoming increasingly more frequent, organizations are now developing and using mobile applications to interact with clients and staff alike. It is important that the applications offer the same levels of security as traditional web applications, and as such, we offer an extensive mobile application penetration testing service of all of the common platforms, including Android, Apple,and Windows Phone applications.

img5

Network device reviews

Network devices within an organization provide the backbone for communication within the infrastructure. If one is compromised this could have a devastating effect on the overall security of the organization. Our network device review service aims to provide assurances over such devices, by assessing the running configuration, firmware version and firewall rulesets of devices from a large number of major manufacturers including Cisco, HP, Juniper, Palo Alto, Brocade, SonicWall and Mikrotik.

img6

Wireless penetration testing

Wireless access points can offer attackers a means to attack an infrastructure from a safe distance, often going undetected. Our wireless network testing and configuration review service aims to ensure that those wireless networks are securely implemented and offer a high level of security. The service includes wireless access point reviews, WLAN controller and client device reviews, site surveys and rogue access point sweeps.

img7

SCADA and ICS testing

Supervisory Control and Data Acquisition (SCADA) systems, also known as Industrial Control Systems (ICS), are commonly deployed within a range of industries including power production, manufacturing, water treatment and oil and gas. Our expert SCADA penetration testing team offers a comprehensive review of your SCADA/ICS system. This assessment can take on many forms, including reviews of relevant policies and procedures, architecture review, physical security assessment, infrastructure penetration testing, segregation testing and build review exercises.

img8

Secure code view

To ensure a ‘defence in depth’ approach to security for applications, we carry out source code reviews. A source code review service is a systematic examination of an application’s source code from both manual and automated perspectives. This ‘white box’ approach is intended to find and fix mistakes overlooked in the initial development phase, which may not always be possible to find with ‘grey box’ or ‘black box’ testing methodologies, improving both the overall quality of software and the developer’s skills.

img9

Virtualization testing

More frequently, organizations are now moving their infrastructures to virtualized environments, both on-premises or hosted in the cloud. Often, those environments offer an unrestricted means of traversal into corporate environments. Therefore the security posture of virtualized environments can’t be overlooked. We carry out a combination of build review and infrastructure testing of virtual environments or private clouds, on both commercial and restricted networks. Our experience includes key products such as VMware, Hyper-V as well as cloud service providers like Amazon and Google.

img10

Stolen laptop reviews

With many laptops or mobile devices being lost or stolen, we review devices to identify what information can be obtained if it falls into the wrong hands. This includes assessing whether the laptop can be compromised via boot methods, encryption bypassing and any information that can be used to further attack the company.

img11

Gold image build reviews

We can perform a detailed malware and forensic review of any master gold images that are used to deploy servers within the environment. This will ensure that the master image has not been infected or tampered with before it’s pushed out and used.

img12

Database reviews

We can perform a detailed review of database servers focusing on permissions, versions and configurations on all major versions such as Microsoft SQL, MySQL, PostgreSQL, Oracle and MongoDB as well as others.

Facebook Twitter Linkedin Instagram

COMPANY

Use Cases
CONTACT US
  • Tisalabs Limited, The Rubicorn Centre, Rubicon Centre, Rossa Ave, Bishopstown, Cork, T12 Y275
  • +353 21 202 1103
  • info@tisalabs.com

Tisalabs 2023 All rights reserved.