parallax background

Penetration Testing

Penetration Testing

Let our team of experts help to carry out system threat tests 24/7.
Drop us a line and let us know if you have had a security breach. We can help in any time zone and will work with you every step of the way in securing your network.

What is Penetration Testing?

A penetration test is when an authorized security expert attempts to find an exploit, simulating an attack on IT systems. This important test is to maximize awareness of any potential vulnerabilities. These tests help to determine what information is accessible to an adversary. The goal of this test is to close any potential gaps in security before an adversary takes

Internal Testing

  • Work with business to assess the protocols for that company
  • Work with a business to ascertain risk register digital input
  • Test resilience of internal systems from attack
  • Test procurement and supply chain models
  • Understand the level of digital security skills and training
  • Review insider vetting etc – recruitment protocols
  • Top review annual skills programmes
  • Review board awareness and board skills
  • Review critical infrastructure failure and response
  • Review emergency take down of website
  • Review back up procedures
  • Produce recommendations

Supply Chain Resilience Test

  • Ascertain cataloguing and maintenance of core suppliers
  • Review subcontractors used on supply chain by suppliers
  • Review emergency and standby suppliers
  • Test accessibility of systems
  • Produce a gird ripple diagram indicating potential areas of vulnerability
  • Review and recommend insurance measures in place on cyber breech or fraud
  • Review and advise on risk register
  • Produce Risk Report

Pentesting Includes

  • Internal Network Scanning
  • Port Scanning
  • System Fingerprinting
  • Services Probing
  • Exploit Research
  • Manual Vulnerability Testing and Verification
  • Manual Configuration Weakness Testing and Verification
  • Limited Application Layer Testing
  • Firewall and ACL Testing
  • Administrator Privileges Escalation Testing
  • Password Strength Testing
  • Network Equipment Security Controls Testing
  • Database Security Controls Testing
  • Internal Network Scan for Known Trojans

Target Identification and Analysis

  • In the first stage of the assessment, < H/H > Solutions will probe the infrastructure in scope to identify systems present and to map the layout of the environment. Having identified target hosts, Solutions will perform scans to identify services available on the systems. Where possible, < H/H> Solutions will identify the versions of applications in use on the target systems and assess the function of each host.
    • Identify target hosts
    • Identify available services
    • Assess functionality of each

Vulnerability Identification and Verification

  • Solutions will review the versions of services present on the target systems for vulnerabilities, both using automated scanning tools and using an in-depth manual analysis performed by technical staff. False-positives will be removed from the results and the remaining issues will be fed into the next stage of the engagement.
    • Perform automated vulnerability scanning
    • Manually review available services for vulnerabilities
    • Manually review available services for configuration weaknesses

Online business or individual digital footprint

  • Collect all available data or personal information available on line
  • Review social media information
  • Test familial links through social media
  • Identify key interests/ groupings and friend information
  • Review political or strong interest ( identifiable ) groups
  • Compile profile of individual or business including presence online and key characteristics
  • Produce vulnerability report and recommendations

Exploitation and Further Access

    • Where vulnerabilities have been identified and verified, Solutions will attempt to exploit these issues to ascertain the eventual impact of the issue within the environment and identified relevant threat landscape. Solutions will not exploit any vulnerabilities where exploitation could result in a denial-of-service condition without consulting with your team first; though these will be reported upon.
      • Exploit issues identified
      • Determine impact to the business of these vulnerabilities
      • Determine what further data assets could be at risk from this point