Penetration Testing

How do you fare? How secure is your business?

The best way to measure your current security level is to study how it can be hacked. A penetration test offers a safe way to test your business's resilience to external or internal hacking attempts.

Our skilled, CREST-certified ethical hackers are trained to identify any vulnerabilities and see how you fare against industry best practice.

Penetration tests are an important part of a full security audit. Our services cover all aspects of organisational security, such as your IT infrastructure, web applications, social engineering and, of course, mobile device management.

Penetration Testing Methodology

Our penetration testing methodology uses OWASP and PTES standards at its core. All tests conducted by our penetration testers follow the elements outlined by these standards. Assessments differ from one organisation to the next, and we tailor every test accordingly.

We operate in compliance with all the relevant Civil, Statutory, Regulatory and Contractual obligations. We follow the EU Data Protection Directive 95/46/EC (March 2000) along with Data Protection Act 1998, Computer Misuse Act 1990, Freedom of Information Act, Payment Card Industry Data Security Standard (PCI DSS) and the Copyright laws relevant to the Information Technology Industry.

What are the different types of penetration test we offer?

External Penetration Testing

An external penetration test assesses the public-facing infrastructure and the services hosted on it for vulnerabilities, with the goal of compromising those systems or breaching the perimeter if the target uses a VPN service for remote employees.

Publicly available information relating to the target business/organization will be utilized to aid the penetration tester just as a real-life attacker would.

Internal Penetration Testing

Internal penetration tests can be performed from two main perspectives.

The first is to simulate an attacker who has gained a foothold on your internal infrastructure by any means but does not have valid credentials for any service on the network (black box).

The second is to simulate an attacker who has managed to gain access to a workstation via any remote services or a successful phishing campaign and will start with valid credentials on the network (grey box).

The penetration tester's objective is to escalate privileges on the network and gain unauthorised access to services and systems, with the aim of accessing potentially sensitive information.

Wireless Penetration Testing

Wireless testing is designed to detect and exploit vulnerabilities in security controls used by wireless technologies and standards, targeting, for example, misconfigured wireless devices and rogue access points.

Social Engineering

Penetration testing engagements can include social engineering where the tester will assume the role of a made-up entity to try and gain information or access to systems via a crafted email or phone call.

Social engineering will usually require a day of extra time to develop a pretext before sending any emails or making any calls. This is where information specifically relating to internal business relationships or employee details is used to create a convincing enough social engineering attack.

Web Application Penetration Testing

Web application penetration testing is the process of using penetration testing techniques on a web application to detect and attempt to exploit its vulnerabilities. The penetration tester simulates attacks, for example by running SQL injection tests.

It’s used on specific web applications that are exposed to either public-facing or internal-facing audiences, where the data held in the web app is deemed to be sensitive and in need of protection.

Red Teaming

Red Teaming is a full-scope, multi-layered attack simulation with a wider scope than just technology: it also includes people, processes and physical security. Examples include attempting to gain unauthorised access to premises and server rooms. Red Team assessments are more targeted than penetration testing, with the goal being to test the organisation’s detection and response capabilities.

D2NA

500 King Street, Longton, Stoke-on-Trent, ST3 1EZ