Our Penetration Testing Services : Scope
Safely Exploit & Assist to Remediate / Mitigate Vulnerabilities
Application Penetration Testing
Modern organisations rely on a range of web-based applications to function. Whether these are used by staff to carry out their work, or customers as they interact with your organization, it is essential to ensure your web applications are operating securely to safeguard against data loss and costly breaches.
Mobile applications are now commonplace as staff and customers rely on mobile devices to work and interact with organisations. With mobile applications collecting and transferring so much sensitive data, it is vital to make sure they are secure.
Web services, such as APIs, connect multiple systems within your network, allowing them to communicate with each other. With web services transferring valuable data, it is essential to ensure they are not vulnerable to attack.
Many organisations still operate thick client applications within their environment. Testing of these applications involves both the local client and the server-side processing software to ensure that sensitive information is stored and processed securely.
A penetration test against your enterprise’s standard operating environment (SOE) involves testing your operating systems and all associated software. The aim is to determine the risk of a breach and whether you are vulnerable to a range of attacks and data exfiltration.
Network Penetration Testing
The external perimeter of your network is your first line of defense against cyber-attacks. Prevent unauthorized intrusions of your network’s perimeter with comprehensive external penetration testing.
Internal network penetration testing assesses your susceptibility to compromise from within your environment. Regular internal network testing helps to understand and limit the damage caused from compromised internal asset and/or from someone inside your network, including by a potentially disgruntled employee.
Wireless technologies offer great convenience but also present enhanced risk if not adequately secured. It is essential to safeguard wireless networks from vulnerabilities in the security controls, including misconfigured access points and weak security protocols.
Transport networks, utilities and manufacturing rely extensively on operational technology (OT), industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems to function efficiently. These systems, as well as the explosion of internet of things (IoT) connected devices, have become increasingly vulnerable to attack. Testing of these systems in a controlled and thoughtful manner can reduce the risk of potentially disastrous consequences due to compromise.
Physical Environment & People Penetration Testing
Securing physical premises is just as important as preventing digital breaches. Attackers may gain access to computers or servers. Alternatively, they may deliver malware via physical devices such as USB sticks. Testing is important to ensure physical intruders are prevented from attacking your systems.
Your staff can be your greatest asset in staying secure. With so many cyber-attacks, such as phishing, succeeding due to human error, it is more important than ever to ensure you know the extent to which your team understands cyber security. Carefully crafted and focused social engineering assessments are an excellent option to identify weaknesses and build a cyber resilient workforce.
As cyber-attacks become increasingly sophisticated, hackers are conducting more reconnaissance than ever to launch highly targeted attacks. Knowing and restricting information in the public domain about your organization and key people is important in anticipating likely points of attack against you and helping you to plan appropriate defences.