Can your infrastructure withstand an attack? is your data safe?
Know where you’re vulnerable and understand how these vulnerabilities can be exploited.
Penetration Testing will simulate an attempted breach to your infrastructure from outside and/or inside the network to assess the potental impact. The Penetration Test is a proactive and authorised attempt to evaluate the security of your technical infrastructure by safely attempting to exploit system vulnerabilities, including Operating Systems, service and application flaws, improper configurations, and even risky end-user behaviour.
Our testing methodology provides real world testing, we utilise automated and manual techniques across your infrastructure to identify weaknesses and like a real attacker we will focus on the key vulnerabilities discovered and attempt to exploit them to gain access to systems and/or data of value.
We offer external and internal testing to suit a wide range of infrastructure sizes, all provided IPs/URLs will have vulnerability analysis completed as part of the testing process.
Web Application Testing
What worldwide exposure do you have?
Our external testing is focused on web applications but we will test for all publically available services and identify any threats associated with them. We will use common attack techniques such as SQL injection, Cross Site Scripting and Security Misconfiguration, we utilise Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual(OSSTMM) methods to test your environment.
What happens when an attacker gets inside your network?
What can an attacker with internal access do? An attacker could breach your network via a Wi-Fi network, third party access or physical access. Our internal testing will simulate a network breach situation, from within your network we will identify systems and services, capture user credentials and attempt to crack them. We will test your office external IP's for publically accessible services and test any found. If you utilise Wi-Fi we will test the security of your implementation. We utilise OSSTMM for our testing.
A full report of findings will be provided following the testing and our consultants are available to provide insight to the findings.
A determined attacker will look at all attack vectors
Can a determined attacker breach your systems and data? We can test this by spending at least 4 months targeting your business. Using just your company name we will gather and analyse pubicily available data sets to identify targets and attack vectors. We will attempt attacks against your physical environment, logical infrastructure and people to breach your systems and data.
Over 20 days we will gather, analyse and actively attack your business to find the gaps, we will provide a full report of our actions and results