A thorough test of the security of your network, conducted using the same tools and techniques hackers and crackers use.
A Penetration Test is a thorough test of the security of your network, conducted using the same tools and techniques as those used by various attackers who might wish to access your network through unauthorized means.
Our consultants will work with you to identify the scope of the test, limit the design of the test to your prescribed parameters, and discuss the various options available to you. We will also look at your timescales and match your needs to one of our testers, or if they are more appropriate, a tester from one of our partners.
During a Penetration Test or “Pen Test”, our highly trained and certified personnel will try to attack and penetrate your systems using the same tools and techniques that a hacker would. If vulnerabilities are found, an attempt will be made to exploit them and enter the exposed system and, where permitted, move laterally through your network.
Unlike a hacker, our testers have very strict rules of engagement and will work within the scope defined by you. Our testers liaise with you before transgressing from the scope to ensure your systems are not harmed and that you are comfortable with their actions.
The output of the Penetration Test is a report on the findings and recommendations on what you can do to remediate any problems which were identified. Our consultants will also be on hand to explain the report and assist in remediation if required.
Industry best practice suggests that you use a different Penetration Testing Company for each test, which are usually undertaken at least annually. In order to retain your business and ease your experience, we have partnered with some numerous Pen Test suppliers, many of whom have been trained by the Department of Defense. This allows us to rotate in a different team for every test, allowing you continuity of procedure while also remaining compliant.
Some examples of the different types of Penetration Testing which we will perform are:
- Web & Infrastructure
- Application Security
- Database Security
- Social Engineering
- VPN / Remote Access Security
- VOIP Security
- Wireless Security
- Mobile Application Security
- Source Code Reviews