Security Testing

Protecting your infrastructure, data and reputation

Protecting your organisation's IT infrastructure, data and reputation is now, more than ever, critical to its ability to be successful. Security testing is designed to detect vulnerabilities within a system and/or infrastructure that are potentially exploitable by unauthorised users.

A key part of this is security testing. We offer 3 types of testing as standard, along with some bespoke offerings:

  • Self-Assessment
  • Review by Net-Defence
  • Guidance – Cyber Essentials Certified Engineers will guide you through the process
  • Audit – Our Assessors will highlight any areas that require improvement to achieve accreditation.
  • Certify – When the audit is complete your Cyber Essentials Plus certificate will be issued on the same day.

Web Application Penetration Testing

This is a comprehensive security review which will involve testing web and mobile applications to help uncover vulnerabilities and poor security controls. During the test we will attempt to exploit any weaknesses and insecure functionality within the application.

The test will include web-facing infrastructure, including your servers and network devices.

These tests can cover customised and mobile apps, as well as apps such as SharePoint, Intranet and Exchange.

External Penetration Testing

This test is a simulation of a hack against your business from outside of your network. There are 3 methodologies that can be applied:

  • Black Box – client provides no information.
  • White Box – client provides a lot of information. This can be seen as best value as it removes the reconnaissance phase.
  • Grey Box – somewhere in the middle; the client decides how much information they want to provide.

The test is designed to identify weaknesses and vulnerabilities that could be exploited to gain unauthorised access to your systems, assets and data. This test is often referred to as a Network Penetration Test.

Internal Penetration Testing

This test focusses on your internal network, should an attacker gain access via email, a breached router or a local machine (lost or stolen). Attacks can come from many sources, including a current or previous employee. Social engineering is one common approach used by both hackers and testers.

The purpose of the test is to identify any vulnerabilities, such as misconfiguration of systems, which could allow an employee or other user to access, remove or delete confidential information and data held on your network. Common vulnerabilities include wireless networks, mobile devices, and cloud-based storage and applications.

All of our tests are a simulation of a hack, using all of the tricks and tools of real-world hackers. The tester will be using a combination of their own processes, tools and experience along with cutting-edge tools.

What to expect after testing

At the end of each test a report will be provided. This will detail:

  • Summary of the organisation's security health (helpful for a non-technical audience)
  • Risk-based report for each vulnerability identified:
    • Evidence of findings
    • Real world impact

Security testing is one tool in your kit to ensure your network is secure. Our skilled testers combine experience with automated and manual techniques.

As with everything in this digital era, new threats are emerging every day. At Net-Defence we are here to help you build the best defence possible. Why not talk with one of our specialists to understand more about how we can help you and your organisation?

GDPR

Penalties for non-compliance can be up to 4 percent of annual turnover for an organisation.

IASME Governance

An alternative to ISO27001 specifically designed for smaller organisations

IT Services

Protect business continuity with managed IT services

Telephony Services

Modernise business communications with cloud-hosted VoIP telephony and collaboration tools