We simulate an attack to identify weaknesses in your network.
With an external penetration test, you can evaluate whether your security controls work effectively to prevent attackers from gaining unauthorised access to your systems. The opportunistic nature of many network attacks today means that your organisation may become a target simply because it runs a particular technology, configuration setting or application.
The external test allows you to identify weaknesses in your defenses but, more importantly, it evaluates the impact of those weaknesses on your organisation before real attackers do. We perform testing in a highly controlled manner, which means that we do not use any techniques that may disrupt your business.
External penetration test
Your organisation is targeted from anywhere on the Internet. The objective is to find out how an attacker from anywhere in the world could leverage publicly available systems from your organisation to gain unauthorised access and evade your security controls.
Internal penetration test
This test simulates an attack that starts from a point within the internal network in order to evaluate the risk associated with internal threats.
Web application penetration testing
This type of penetration test is specifically focused on attempting to gain information and identify weaknesses in applications using both dynamic and static application security testing.
Wireless network security testing
Wireless technologies are prone to numerous vulnerabilities that have historically been used by malicious individuals to circumvent the traditional boundaries of internal networks. Your organisation can leverage our expertise to identify potential weak areas of your network architecture, whether by performing a penetration test or through architecture design reviews.
Social engineering
Social engineering techniques are used in order to identify the level of vigilance and security awareness of your personnel. We use a wide range of practices in order to gain unauthorised access to information and systems. This includes sending spoofed emails, using USB devices and cold calling your offices.
METHODOLOGY
We use a methodology based on the OSSTMM and comply with PCI DSS requirements on penetration testing. At a high level, our pentesters run a 4-stage process that includes:
Discovery: Detecting and gathering information about the targets.
Enumeration: Execution of port scans and other methods to identify resources and map the attack surface.
Vulnerability analysis: Identification of vulnerabilities in systems, infrastructure resources and applications.
Exploitation: Obtaining unauthorised access by exploiting identified vulnerabilities and using all discovered attack vectors.
We deliver world-class penetration testing services that comply with PCI DSS, the OSSTMM and the OWASP guide.
1. Identifying the objectives
The engagement starts with an initial interview to understand your business and to ensure that the perimeter of the test is clearly identified.
We detail all testing steps and we will respond to any question on our methodology.
The interview is also an opportunity to highlight any areas that may require particular attention during the test.
2. Performing the test
We run all tests according to our methodology based on the OSSTMM and we comply with PCI DSS v3.0 requirements on penetration testing.
We put a particular focus on the OWASP Top 10 vulnerabilities to test your web applications.
We keep in touch and inform you immediately if any urgent critical security issue is discovered during our testing.
3. Analysing the findings
We provide recommendations and guidance on how to mitigate the risks that we have identified.
You get a clear report containing detailed instructions on how to fix the issues. Findings are prioritised in order to help you focus the resolution effort.
We follow up to ensure that all recommendations are well understood, and we suggest a timeframe to re-test any area that needs to be corrected.