Penetration Testing

Penetration testing assesses the security posture of your organisation’s digital assets by simulating real-world techniques and attacks.

By assessing the attack surface of your systems, applications and networks, penetration testing attempts to exploit identified vulnerabilities to show you how far an attacker could get in your organisation if they were to find them first.

Web Application Testing

Whether you require web application or thick client assessments, our testing involves extensive manual checks supported by automated scanning.

We cover much more than the basic OWASP Top 10, ensuring operational and business logic flaws are rapidly detected, assessed and exploited to identify potential business risk.

External Network Testing

We will identify and exploit security misconfigurations and vulnerabilities in your public-facing infrastructure.

External network testing simulates a remote, unauthenticated attacker and will identify whether your perimeter can be breached to gain access to your internal networks.

Internal Network Testing

Simulating an internal attack, whether that be via a compromised system or rogue insider, we will identify and exploit security misconfigurations and vulnerabilities in your internal networks from behind your perimeter firewall.

This testing will highlight areas of your internal infrastructure that present opportunities for adversarial gain.

If required, we can also deploy our Portable Pentest Platform (PPP), a virtual machine that can be powered up anywhere in your internal network and will connect back to our infrastructure, allowing us to simulate internal testing.

Wireless Network Assessment

Our assessments will identify flaws in your wireless authentication mechanisms, potential rogue access points on your premises and weaknesses in network segregation/isolation.

Whether it’s testing for unauthorised access to your organisation, crossing network boundaries from within or accessing your staff wireless network from your guest network, we’ve got you covered.

Reporting

We provide detailed reports outlining identified vulnerabilities ordered by severity, methods of identification and, if applicable, exploitation with proof-of-concept attack flows for reproducibility, as well as likelihood and impact metrics that will assist you in evaluating and addressing the risk to your business.

Recommended remedial actions to ensure your security posture is strengthened moving forward are standard in all our reports.

  1. Scoping

    Requirements Defined
    Engagement Window Availability

  2. Pre-Engagement

    Agreed Points of Contact
    Engagement Window Confirmed
    Client Update Schedule Agreed
    Engagement Authorisation

  3. Engagement Phases

    Reconnaissance
    Vulnerability Identification
    Exploitation
    Privilege Escalation
    Post Exploitation
    Lateral Movement
    Organisational Compromise

  4. Reporting

    Executive Summary
    Technical Summary
    Attack Chain Storyboard
    Vulnerabilities Rated by Severity
    Complexity and Impact Metrics
    Remedial Advice

  5. Post-Engagement

    Post-Engagement Communication