PENETRATION TESTING
The intention of penetration testing (also called pen testing) is to find any security issues in a computer system, network or web application that an attacker could use. Our experienced professional penetration testers, also known as ethical hackers, simulate an attack using the same techniques as hackers would to find and exploit any weaknesses. This way you can fix any of the security issues before they can be exploited by someone with malicious intentions.
HERE IS WHAT YOU GET
Scoping the pen test
Talk to our experienced security team about your concerns. We’ll review your application and infrastructure with you, and create requirements for the best security test possible. For each test we assign a team with skills best suited to your application stack.
Actionable reports
All findings are assessed and validated to ensure the report contains only issues with potential for real impact. Results will contain a detailed description of how your team can reproduce and confirm the findings (crucial in order to fix them!). We’ll propose steps your team can take to address reported vulnerabilities.
Supporting you all the way
Your team can collaborate directly with our security engineers on fixing the vulnerabilities.
There when you need us
We can deliver penetration tests as frequently as you like. We will support you in building a pen test program that fits your needs.
Goals of a penetration test
- Determine feasibility of a particular set of attack vectors.
- Identify any vulnerabilities which are present, including high-risk ones that result from a combination of lower-risk vulnerabilities exploited in sequence.
- Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software.
- Assess the potential business and operational impacts of successful attacks.
- Test the ability of network defenders to detect and respond to attacks.
- Justify increased investment in security personnel and technology.
Our services
Secure
We use “throwaway” virtual machines for each test, which are destroyed after the test, making sure none of the findings or data we might have accessed during testing has any chance of leaking.
Collaborative
Get descriptions, screenshots and suggested fixes. Need more? Ask security engineers directly.
Our talent
Certified Researchers
We always include at least one certified security professional with a recognized certification on Pen Test engagements.
On Top Of The Game
Our security engineers keep their skills fresh and sharp, as a portion of their time is reserved for research and taking part in security challenges and training.
Our process
We use a mixture of automated and manual tests that a real attacker would use. Driven by experience, curiosity and inquisitiveness, our pen testers leave no stone unturned.
OUR PENETRATION TEST SERVICES
Infrastructure testing
We believe that a secure infrastructure is the foundation for a cyber resilient organization. Our penetration testing specialists conduct both internal and external infrastructure testing of servers, workstations, domains, virtual environments, network devices as well as network segregation controls.
Application testing
Many organizations rely heavily on applications to run their business. These are often the digital shopfront for an organization that can be accessed from anywhere in the world. Commonly this includes presenting information, providing functionality to staff or customers, or providing a backbone for all of the organization’s data processing needs.
Build review
In addition to infrastructure and applications, the security of the underlying servers is key to preventing a compromise. However, should a compromise occur, hardening is important to ensure any breach is sufficiently contained and that an attacker cannot easily move any further around the system or infrastructure.
Mobile application & device
Increasingly, organizations are developing and using mobile applications to interact with clients and staff alike. It is important that the applications offer the same levels of security as traditional web applications, and as such, we offer an extensive mobile application penetration testing service for all of the common platforms, including Android, Apple, and Windows Phone applications.
Network device reviews
Network devices within an organization provide the backbone for communication within the infrastructure. If one is compromised this could have a devastating effect on the overall security of the organization. Our network device review service aims to provide assurances over such devices, by assessing the running configuration, firmware version and firewall rulesets of devices from a large number of major manufacturers including Cisco, HP, Juniper, Palo Alto, Brocade, SonicWall and Mikrotik.
Wireless penetration testing
Wireless access points can offer attackers a means to attack an infrastructure from a safe distance, often going undetected. Our wireless network testing and configuration review service aims to ensure that those wireless networks are securely implemented and offer a high level of security. The service includes wireless access point reviews, WLAN controller and client device reviews, site surveys and rogue access point sweeps.
SCADA and ICS testing
Supervisory Control and Data Acquisition (SCADA) systems, also known as Industrial Control Systems (ICS), are commonly deployed within a range of industries including power production, manufacturing, water treatment and oil and gas. Our expert SCADA penetration testing team offers a comprehensive review of your SCADA/ICS system. This assessment can take on many forms, including reviews of relevant policies and procedures, architecture review, physical security assessment, infrastructure penetration testing, segregation testing and build review exercises.
Secure code review
To ensure a ‘defence in depth’ approach to security for applications, we carry out source code reviews. A source code review service is a systematic examination of an application’s source code from both manual and automated perspectives. This ‘white box’ approach is intended to find and fix mistakes overlooked in the initial development phase, which may not always be possible to find with ‘grey box’ or ‘black box’ testing methodologies, improving both the overall quality of software and the developer’s skills.
Virtualization testing
Increasingly, organizations are moving their infrastructures to virtualized environments, either on-premises or hosted in the cloud. Often, those environments offer an unrestricted means of traversal into corporate environments. Therefore the security posture of virtualized environments can’t be overlooked. We carry out a combination of build review and infrastructure testing of virtual environments or private clouds, on both commercial and restricted networks. Our experience includes key products such as VMware and Hyper-V, as well as cloud service providers like Amazon and Google.
Stolen laptop reviews
With many laptops or mobile devices being lost or stolen, we review devices to identify what information can be obtained if one falls into the wrong hands. This includes assessing whether the laptop can be compromised via boot methods or encryption bypassing, and identifying any information that can be used to further attack the company.
Gold image build reviews
We can perform a detailed malware and forensic review of any master gold images that are used to deploy servers within the environment. This will ensure that the master image has not been infected or tampered with before it’s pushed out and used.
Database reviews
We can perform a detailed review of database servers, focusing on permissions, versions and configurations, on all major databases such as Microsoft SQL, MySQL, PostgreSQL, Oracle and MongoDB as well as others.