External Pen Test
This penetration test aims to identify routes to access the organisation’s internal IT assets via all Internet-facing assets a criminal hacker could use as potential entry points into your network such as firewall, router and web applications. The test checks your network for vulnerabilities and security issues that a real attacker could potentially exploit to steal sensitive data by penetrating the perimeter of your network. This test will provide valuable insights into where your organisation is most vulnerable from an external perimeter perspective. The test will provide a report where it will highlight the areas that need improvement.
Internal Pen Test
This penetration test will have our tester assuming the role of a malicious “insider,” or an ill-intended employee with a certain level of access to the internal network. We can also use elevated access to attempt to exploit the systems assuming the role of administrators or users with elevated credentials. The way we will gain access is through dedicated tools that will identify a vulnerability and we will use it to gain access further.
Web Application Pen Test Methodology
The Web Application Pen test focuses on vulnerabilities within applications’ design and development to implementation and use. Our testers will use dedicated tools to check the applications and their relevant components. The tester will particularly test:
• The areas where the user provides input.
• Vulnerabilities by attempting manual exploitation through bypass authentication and authorization controls and validations.
• Vulnerabilities on the database.