Penetration Testing

Let us find and help close the risks first

Can your infrastructure withstand an attack? is your data safe?

Know where you’re vulnerable and understand how these vulnerabilities can be exploited.

Penetration Testing will simulate an attempted breach to your infrastructure from outside and/or inside the network to assess the potental impact. The Penetration Test is a proactive and authorised attempt to evaluate the security of your technical infrastructure by safely attempting to exploit system vulnerabilities, including Operating Systems, service and application flaws, improper configurations, and even risky end-user behaviour.

Our testing methodology provides real world testing, we utilise automated and manual techniques across your infrastructure to identify weaknesses and like a real attacker we will focus on the key vulnerabilities discovered and attempt to exploit them to gain access to systems and/or data of value.

We offer external and internal testing to suit a wide range of infrastructure sizes, all provided IPs/URLs will have vulnerability analysis completed as part of the testing process.

Web Application Testing

What worldwide exposure do you have?

Our external testing is focused on web applications but we will test for all publically available services and identify any threats associated with them. We will use common attack techniques such as SQL injection, Cross Site Scripting and Security Misconfiguration, we utilise Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual(OSSTMM) methods to test your environment.

infrastructure Testing

What happens when an attacker gets inside your network?

What can an attacker with internal access do? An attacker could breach your network via a Wi-Fi network, third party access or physical access. Our internal testing will simulate a network breach situation, from within your network we will identify systems and services, capture user credentials and attempt to crack them. We will test your office external IP's for publically accessible services and test any found. If you utilise Wi-Fi we will test the security of your implementation. We utilise OSSTMM for our testing.

A full report of findings will be provided following the testing and our consultants are available to provide insight to the findings.

Targeted Assessment

A determined attacker will look at all attack vectors

Can a determined attacker breach your systems and data? We can test this by spending at least 4 months targeting your business. Using just your company name we will gather and analyse pubicily available data sets to identify targets and attack vectors. We will attempt attacks against your physical environment, logical infrastructure and people to breach your systems and data.

Over 20 days we will gather, analyse and actively attack your business to find the gaps, we will provide a full report of our actions and results