Penetration Testing

We offer full penetration testing services for internal and external networks.

Penetration testing (also known as a pentest or pentesting) is an authorised simulated attack on a computer system, network or web application to identify vulnerabilities that could be exploited. Testing should be conducted from outside the organisation (external testing) and from inside the organisation.

We offer full, CREST and CHECK approved, penetration testing (also known as an IT Health Check, ICT Health Check or a pentest) services for internal and external networks. We cover all areas of penetration testing such as applications, infrastructure, PCI DSS, mobile, build reviews, cloud hosting, wireless, database reviews and vulnerability assessments.

The vulnerabilities identified are reported back to the system owner along with mitigation recommendations.

Penetration testing can also be used to test your compliance with security policies, the security awareness of your staff and how effectively your organisation can respond to security threats.

A penetration test can assure you that the systems and security controls tested have been configured by following best security practice and that there are no common or publicly known vulnerabilities in the target system at the time of the test. If vulnerabilities are found these can be rectified before an attack or security breach occurs.

What is included in the Penetration Report?

We supply a full penetration testing report, which covers the following:

Executive management summary; non-technical overview of issues for management board level

Detailed technical findings; complete list of all issues identified

Affected Hosts; a list of all hosts affected, including the associated network port

Risk Level; impact, likelihood and overall risk ratings are listed for each issue

Example; output or screenshots to demonstrate the issue

Recommendations; recommendations of how to remediate the issues, including any reference to documents that can assist

What is the difference between a Vulnerability Test and a Penetration Test?

A vulnerability assessment looks for known vulnerabilities and reports back potential exposures. It is normally an automated scan using a commercial tool. A penetration test aims to exploit and verify the weaknesses via a variety of different methods performed by a human tester.

Vulnerability tests often produce what is known as “false positives” where the software assumes certain issues or vulnerabilities based on criteria, but these may be incorrect. Therefore, a penetration test is a much more realistic test to assess the risk levels of any detected vulnerabilities.

How often should you conduct a penetration test?

It is recommended that external and internal penetration testing should be conducted annually as cyber threats are constantly evolving.

If major changes are made to the infrastructure or new applications are developed, then it is recommended that additional testing is conducted. This ensures that any recent changes are not introducing new vulnerabilities into the environment.

Some certifications, such as ISO 27001 or PCI DSS, require a certain frequency of testing to remain compliant.

Avoid extra cost and reputation damage from a security breach

Manage vulnerabilities

Provide evidence of compliance with regulatory and certification standards

Assure customers and suppliers that their data is secure