Attacks can come from many sources, including current or previous employees. Social engineering is one common approach by both hackers and testers.
Our two most common types of testing are Perimeter and Web Application. Work is executed using a number of recognised standards. Bespoke testing is also available.
Perimeter Penetration Testing
This test is a simulation of a hack against your business from outside of your network, using the same methods as a cybercriminal.
The test is designed to identify weakness and vulnerabilities that could be exploited to gain unauthorised access to your systems, assets and data. This test is often referred to a Network Penetration Test.
Web Application Penetration Testing
This is a comprehensive security review which will involve testing web and mobile applications to help uncover vulnerabilities and poor security controls.
During the test we will attempt to exploit any weaknesses and insecure functionality within the application.
The test will include web facing infrastructure including your servers and network devices.
These tests can cover websites, customised and mobile apps, as well as apps such as SharePoint, Intranet and Exchange.
This differs from other testing, as it is a regular program rather than a point in time test. Penetration testing will go deeper, and will attempt to exploit the vulnerability. Vulnerability testing is performed frequently, often quarterly, and will find all potential vulnerabilities.
An effective vulnerability assessment program allows you to understand your security weaknesses, assess the risks, and take action that will reduce the potential and likelihood of a breach.
Each vulnerability assessment provides you with information about weaknesses in your environment, offers fresh insights into degrees of risk, and suggests ways to best mitigate the risks associated with those weaknesses and evolving threats.