Security Testing

Protecting your infrastructure, data and reputation

Protecting your organisation's IT infrastructure, data and reputation is now, more than ever, critical to its ability to be successful. Security testing (or pen testing) is designed to detect vulnerabilities within a system and/or infrastructure that are potentially exploitable by unauthorised users.

A key part of this is security testing. We offer 3 types of testing as standard, along with some bespoke offerings:

Web Application Penetration Testing

This is a comprehensive security review which will involve testing web and mobile applications to help uncover vulnerabilities and poor security controls. During the test we will attempt to exploit any weaknesses and insecure functionality within the application.

The test will include web-facing infrastructure, including your servers and network devices.

These tests can cover websites, customised and mobile apps, as well as apps such as SharePoint, Intranet and Exchange.

External Penetration Testing

This test is a simulation of a hack against your business from outside of your network. There are 3 methodologies that can be applied:

  • Blind – client provides no information.
  • Clear – client provides a lot of information. This can be seen as best value as it removes the reconnaissance phase.
  • Opaque – somewhere in the middle; the client decides how much information they want to provide.

The test is designed to identify weaknesses and vulnerabilities that could be exploited to gain unauthorised access to your systems, assets and data. This test is often referred to as a Network Penetration Test.

Internal Penetration Testing

This test focusses on your internal network, should an attacker gain access via email, a breached router or a local machine (lost or stolen). Attacks can come from many sources, including a current or previous employee. Social engineering is one common approach used by both hackers and testers.

The purpose of the test is to identify any vulnerabilities, such as misconfiguration of systems, which could allow an employee or other user to access, remove or delete confidential information and data held on your network. Common vulnerabilities include wireless networks, mobile devices and cloud-based storage and applications.

All of our tests are a simulation of a hack, using all of the tricks and tools of real-world hackers. The tester will use a combination of their own processes, tools and experience along with cutting-edge tools.

Vulnerability Testing

An effective vulnerability assessment program allows an organisation to understand its security weaknesses, assess the risks associated with those weaknesses, and put protections in place that reduce the likelihood of a breach. Conducted on a regular basis, vulnerability assessments help ensure the security of networks, particularly when changes have been made such as adding new services, installing new equipment, opening new ports or moving to the cloud. Each vulnerability assessment provides the organisation with information about weaknesses in its environment, offers fresh insights into degrees of risk, and suggests ways to best mitigate the risks associated with those weaknesses and evolving threats.

The difference between this and a pen test is that a pen test will go deeper. A vulnerability assessment will find all the potential weaknesses, but a pen test will then attempt to exploit these and see if they are in fact a realistic attack point. Vulnerability assessments are great for internal networks, where there can be hundreds, if not thousands, of devices to test. It is not cost effective to pen test each and every device, whereas a vulnerability assessment is mostly automated and can run and run with no human intervention.

What to expect after testing

At the end of each test a report will be provided. This will detail:

  • Summary of the organisation's security health (helpful for a non-technical audience)
  • Risk-based report for each vulnerability identified:
    • Evidence of findings
    • Real world impact
  • Retesting

Security testing is one tool in your kit to ensure your network is secure. Our skilled testers combine experience with automated and manual techniques.

As with everything in this digital era, new threats are emerging every day. Here at Net-Defence we are here to help you build the best defence possible. Why not talk with one of our specialists to understand more about how we can help you and your organisation?
