Can your infrastructure withstand an attack?
Is your data safe?
Know where you’re vulnerable and understand how these vulnerabilities can be exploited.
Penetration Testing will simulate an attempted breach to your infrastructure from outside and/or inside the network to assess the potential impact. The Penetration Test is a proactive and authorised attempt to evaluate the security of your technical infrastructure by safely attempting to exploit system vulnerabilities, including Operating Systems, service and application flaws, improper configurations, and even risky end-user behaviour.
Our testing methodology provides real world testing, we utilise automated and manual techniques across your infrastructure to identify weaknesses and like a real attacker we will focus on the key vulnerabilities discovered and attempt to exploit them to gain access to systems and/or data of value.
We offer external and internal testing to suit a wide range of infrastructure sizes, all provided IPs/URLs will have vulnerability analysis completed as part of the testing process.
What worldwide exposure do you have?
Our external testing is focused on web applications but we will test for all publically available services and identify any threats associated with them. We will use common attack techniques such as SQL injection, Cross Site Scripting and Security Misconfiguration, we utilise Open Web Application Security Project (OWASP) and Open Source Security Testing Methodology Manual(OSSTMM) methods to test your environment.
What happens when an attacker gets inside your network?
What can an attacker with internal access do? An attacker could breach your network via a Wi-Fi network, third party access or physical access. Our internal testing will simulate a network breach situation, from within your network we will identify systems and services, capture user credentials and attempt to crack them. If you utilise Wi-Fi we will test the security of your implementation. We use the same methodologies as our external testing
A full report of findings will be provided following the testing and our consultants are available to provide insight to the findings.
For a more in-depth assessment of your infrastructure we will work with you to determine the size and complexity of the assessment required to fully test every aspect of the environment, this provides a more thorough targeted attack as more in-depth knowledge of the attack surface is known prior to commencement. We utilise the same methodologies as our standard real world testing.
Using just your Company name we will look at your information exposure on the internet and deep web. We will aim to identify systems, staff and their roles and any other information freely available on the internet, using this information we will provide a plan of attack against your company. The information we discover could provide insight to your internal networks, details for a spear phishing attack and maybe even login credentials to your infrastructure.