As part of our Cyber Security work with clients we can provide a Penetration Testing service, this can form part of the overall Modernisation Strategy of your Cyber Security processes or utilised as a standalone service to test the robust of your existing infrastructure.
Our Penetration Testing service helps identify security issues, verifies the security issue exists, then provides a roadmap to fix the discovered security issues.
Project Scope
We work with our clients to identify what the goals are for the penetration test.
Online Engineering
We investigate a companies online presence to identify useful information, this involves collating information from publicly available sources.
Vulnerability Scanning
We analyse potential entry points to the network, host, or application and assess vulnerabilities for the next stage.
Penetration Testing
We analyse potential entry points to the network, host, or application and assess vulnerabilities for the next stage.
Previously identified vulnerabilities are researched.
Discovered vulnerabilities are tested to confirm status.
Passwords are tested to ensure minimum complexity requirements are in place.
Control
Privilege escalation is used to gain access to a higher level account and potentially take control of the machine.
We do this because often when a machine is breached its from a user account that typically only has access to a limited amount of data or system commands.
Advancement
We test for pivot points. A machine that could be compromised from a phishing email or external machine that could be used to route traffic through to other machines on a network.
Reporting
We produce a severity ordered report which covers all of the discovered security findings, evidence, steps to reproduce the issue, and remedial work that needs to be undertaken.