Penetration Testing Services (PTS)
Penetration testing is an assessment of the security of one or more systems against different types of attacks, performed by an authorised security expert with the aim of exposing security weaknesses.
Our Penetration Testing Services (PTS) simulate the tactics and techniques of real-world attackers to identify and validate exploitable pathways. Our services are designed for testing perimeter defence, the security of externally-available applications, and the potential for exploitation of open source information. Our services complement the organisation’s efforts to reduce cybersecurity risks by taking a proactive approach to mitigating attack opportunities.
External Pen Test
This penetration test aims to identify routes to access the organisation’s internal IT assets via all Internet-facing assets a criminal hacker could use as potential entry points into your network, such as firewalls, routers and web applications. The test checks your network for vulnerabilities and security issues that a real attacker could potentially exploit to steal sensitive data by penetrating the perimeter of your network.
This test will provide valuable insights into where your organisation is most vulnerable from an external perimeter perspective. The resulting report will highlight the areas that need improvement.
Internal Pen Test
This penetration test will have our tester assuming the role of a malicious “insider,” or an ill-intended employee with a certain level of access to the internal network. We can also use elevated access to attempt to exploit the systems, assuming the role of administrators or users with elevated credentials. We gain access using dedicated tools that identify a vulnerability, which we then use to gain further access.
Web Application Pen Test Methodology
The Web Application Pen Test focuses on vulnerabilities in applications, from design and development to implementation and use. Our testers will use dedicated tools to check the applications and their relevant components. The tester will particularly test:
• The areas where the user provides input
• Vulnerabilities, by attempting manual exploitation through bypassing authentication and authorisation controls and validations
• Vulnerabilities on the database
Social Engineering attacks
This type of penetration testing provides an opportunity for determining the potential susceptibility of personnel to phishing attacks and measures the effectiveness of your security awareness training. In the exploitation part of social engineering, depending on the campaign, the exploit may be a phishing email with a link to a fake login portal that captures employee passwords as they log in, a backdoor that reaches out to a controlled server, or simply information our tester will be able to capture.
This type of penetration testing employs a variety of tactics, techniques, and procedures to identify exploitable vulnerabilities in the infrastructure and the systems of the organisation that could expose the organisation to a loss of sensitive information, unauthorised access to their systems, or even malicious activity. This testing measures the effectiveness of physical security measures, as well as compliance with organisational security policies and protocols.
Our Physical penetration testing simulates a physical breach of the security controls of an office building or infiltration of a data-centre or other critical infrastructure, and tests staff’s actions and the resilience of electronic security systems. Physical penetration tests can be conducted both during working and non-working hours, depending on the type of breach the organisation wishes to assess.
How do we determine which of the tests is more appropriate for our organisation?
Our team is at your disposal for advice depending on your information technology assets. Our penetration tests and attacks can be combined and will typically scale in sophistication depending on our mandate and agreed scope.
How can we be assured that the pen testers will not cause any damage or loss of information?
Rules of engagement for the penetration testing, including prohibited activities, will be agreed in advance.
Do we expect downtime or disruption to our normal work?
All the tests are done within a controlled environment, and no methods are used that would make the organisation’s systems unavailable or unresponsive. The tests are done up to the point where the vulnerability can be proven.
Do pen testers collect any data?
No data collected during our pen test will be used for any purpose or disclosed in any way.