Penetration Testing
All of our Penetration Testers are CREST certified. As such, we are accredited and quality assured against measurable and enforceable standards and competencies.
We have a wide range of tests available...
Simulating an attacker who has gained a foothold on your internal infrastructure but does not have valid credentials for any service on the network (black box), alternatively, simulating an attacker who has managed to gain access to a workstation and will start with valid credentials on the network (grey box).
Assesses public facing infrastructure and the services hosted on them for vulnerabilities. Publicly available information relating to the target organisation will be utilized just as a real-life attacker would.
Detects and exploits vulnerabilities on network devices such as firewalls, routers, access points, wireless devices and IoT.
Testing different types of applications for vulnerabilities such as web apps, mobile apps or internal apps. Can be used for apps that are exposed to either public facing or internal facing audiences where the data held is deemed to be sensitive and in need of protection.
A full-scope, multi-layered attack simulation and has a wider scope than just technology, it includes people, processes and physical security. Examples include attempting to gain unauthorised access to premises and server rooms. Red Team assessments are more targeted than regular penetration testing, with the goal being to test the organisation’s detection and response capabilities.
Assuming the role of a made-up entity to try and gain information or access to systems via a crafted email or phone call.
Frequently Asked Questions
It all depends on the on what is being tested and why, but to stay vigilant against threats we recommend annually for most tests as the minimum. Just as an example, if a web application is regularly going through several major version updates, we would recommend a test for every version change not annually. Our team can go through your requirements and recommend a schedule for regular testing.
We're CREST certified which means all of our testers are accredited and quality assured against measurable and enforceable standards and competencies. To find out more about CREST and why you should have confidence using a CREST supplier like us, check out their website here.
We appreciate this can be a complicated topic. We would encourage you to contact our team who will be able to go through your requirements and point you in the right direction.
Upon completion of each test, our tester will provide a comprehensive report on their findings. They will also organise a meeting with all stakeholders to talk through the findings in the report, and provide guidance on remediation and re-testing, if required.