Protecting your organisation's IT infrastructure, data and reputation is now, more than ever, critical to its ability to be successful. Security testing (or pen testing) is designed to detect vulnerabilities within a system and/or infrastructure that are potentially exploitable by unauthorised users.
A key part of this is security testing. We offer 3 types of testing as standard, along with some bespoke offerings:
Web Application Penetration Testing
This is a comprehensive security review which will involve testing web and mobile applications to help uncover vulnerabilities and poor security controls. During the test we will attempt to exploit any weaknesses and insecure functionality within the application.
The test will include web-facing infrastructure, including your servers and network devices.
These tests can cover websites, customised and mobile apps, as well as apps such as SharePoint, Intranet and Exchange.
External Penetration Testing
This test is a simulation of a hack against your business from outside of your network. There are 3 methodologies that can be applied:
- Blind – client provides no information.
- Clear – client provides a lot of information. This can be seen as best value as it removes the reconnaissance phase.
- Opaque – somewhere in the middle; the client decides how much information they want to provide.
The test is designed to identify weaknesses and vulnerabilities that could be exploited to gain unauthorised access to your systems, assets and data. This test is often referred to as a Network Penetration Test.
Internal Penetration Testing
This test focusses on your internal network, should an attacker gain access via email, a breached router or a local machine (lost or stolen). Attacks can come from many sources, including a current or previous employee. Social engineering is one common approach used by both hackers and testers.
The purpose of the test is to identify any vulnerabilities, such as misconfiguration of systems, which could allow an employee or other user to access, remove or delete confidential information and data held on your network. Common areas of vulnerability include wireless networks, mobile devices and cloud-based storage and applications.
All of our tests are a simulation of a hack, using all of the tricks and tools of real-world hackers. The tester will be using a combination of their own processes, tools and experience along with cutting-edge tools.