Enterprise Grade Pen Testing

Penetration Testing services enable organisations to identify, assess and prioritise vulnerabilities and security flaws across their applications, API’s, platforms and infrastructure. Over the last decade, threat vectors previously encountered only by nation states have become increasingly common. The team has been mitigating and managing the risks from these attacks for organisations for years, and as the threat landscape shifts, so too have the number of organisations that require access to our seasoned and trusted security professionals.

‍

‍How does it work?

Penetration testing will help to identify security vulnerabilities which might otherwise leave your company open to compromise. Our team has a proven track record in finding such vulnerabilities in some of the most complex, and sophisticated IT environments.

‍

Our security testing services are designed to:

‍

• Improve business awareness and understanding of your Cyber Security exposure to risk
• Identify and fix security vulnerabilities before they can be exploited by criminals
• Support ISO 27001, PCI DSS, GDPR and PAS 499 ID & Authentication compliance
• Provide independent technical assurance of your security controls
• Enable the prioritisation of security investments through actionable intelligence
• Demonstrate a continuous commitment to security to your customers and partners

‍

Credentials

The penetration testing and red teaming group are well versed, holding multiple certifications awarded by bodies such as CREST, Offensive Security and the Tiger Scheme and also complements this focused knowledge with its National Cyber Security Centre (NCSC) Certified Professionals, to provide a valuable wider viewpoint to penetration testing assurance.

‍

Methodology

As the penetration testing industry has matured, certifying bodies have demanded a standardised way of performing activities. However, there is only so much that can be done before the creativity inherent in “hacking” is removed and the benefits of the service is lost. Nevertheless, this same standardisation encourages better quality testing exercises by making sure that a minimum level of testing is completed.

‍

Our methodology is iterative in nature, this means that the process repeats itself until either all options have been exhausted or the testing time-period has expired.

‍

1. Discover Attack Surface

Each iteration starts with attack surface discovery - this can be at any level of the target, for example, authenticated or unauthenticated, or as a result of the exposure produced by another attack.

‍

2. Launch Relevant Initial Attacks

Next, exploratory attacks are launched in order to further understand the attack surface. These attacks are tuned to be as relevant as possible for the context.

‍

3. Gain Foothold

Should they be successful, the attacker has gained a foothold. The attack may require further tuning in order to gain firm access.

‍

4. Attack Development & Execution

Once the results of the initial attacks are known, attacks that are most likely to be successful are developed further to maximise the chance of success and then executed.

‍

5. Controlled Exploration of Access

In this iteration’s final stage, the attacker will look to take advantage of whatever access has been gained. This may simply be access to data and information, or it may be that the successful attack now opens up the possibility of further attacks.

‍

6. Reporting

We will provide a detailed penetration test report. Vulnerabilities and security flaws will be ranked in order of criticality using the open industry standard Common Vulnerability Scoring System (CVSS) framework. This will detail all vulnerabilities and security flaws found and the recommended remediation.

‍

‍

‍