Penetration Testing

Penetration Testing

Using the same tools and techniques as real attackers, we provide in-depth assessments of all types of applications, networks, and infrastructure and provide remediation guidance to improve your security posture.

Web Application Penetration Testing

In-depth assessment of your security-critical web applications. Web Application Penetration testing evaluates the security posture of an application across the development life cycle, enabling you to identify, eliminate, and prevent security risks in the applications that drive your business.

External Network Penetration Testing

A pre-arranged attack against an organization’s Internet-facing systems, networks or applications with a specified goal in mind. Typically, the goal is to gain unauthorized access to data or resources by circumventing controls that are in place.

Internal Network Penetration Testing

Not be confused with a simple network vulnerability scan, a good penetration test involves scanning, manual testing and exploitation. Our skilled testers often chain exploits together to achieve specific goals, such as obtaining Domain Administrator access, accessing credit card information, or targeting other “crown jewels” such as HR or Payroll system or PII information.

Cloud Security Penetration Testing

Organisations are realizing the benefits of moving infrastructure and services to the cloud however they often do not fully understand the security implications of doing so. A cloud technical security assessment will identify deficiencies in cloud security architecture, identify vulnerabilities in applications and provide recommendations to improve security of the cloud system.

Web Services/API Penetration Testing

Web services or APIs allows applications to expose programmatic interfaces that can be used by other integrated applications. The web services are often hosted on an internal network, but with the increasing popularity of mobile or web applications, many web services are being exposed to the Internet. These factors combine to mean that an increasing number of threats are targeting such interfaces, meaning they should be included in any vulnerability analysis.

Mobile Application Penetration Testing

Mobile applications are universal and are often used to access sensitive information and functionality. These mobile applications can present serious security exposures, including insecure storage and transmission of sensitive information and/or sensitive client-side business logic, and mobile platform-specific vulnerabilities on hand-held devices.

Wireless Security Penetration Testing

Wireless networks are an extension of your organization's infrastructure perimeter and should be tested thoroughly. While their use eases the job of networking and connecting computers, it is also easy for a malicious perpetrator to get into the network over wireless infrastructure.

Social Engineering Assessment

People are often the weakest link in security. As a result of busy workdays coupled with improper training, people can often be manipulated into providing access or giving away sensitive information. Including social engineering as part of any significant penetration test can provide insight into the real threats posed.

Vulnerability Scanning

Our vulnerability scanning service includes identification of threats to your assets through automated, and regularly scheduled scans of both your external, and internal facing assets.

Get in touch with an expert

If you're ready for your next penetration test, or want to discuss your requirements with a qualified expert, get in touch today.

The Ultimate Penetration Testing Checklist

Download our guide on the top 5 areas to focus on in your next penetration test.

Checklist mockup Cropped

Our Qualifications

Council of Registered Ethical Security Testers
CREST Approved companies and their CREST Certified staff, with proven technical capabilities and a commitment to integrity and high-quality service, are the natural choice in information security testing providers.
Offensive Security Certified Expert
OSCE is the most challenging penetration testing certification in the industry. It proves a practical understanding of advanced penetration testing skills: the ability to identify hard-to-find vulnerabilities and misconfigurations in various operating systems.
Information Security Management System
ISO 27001 Lead Auditors and Lead Implementers possess an understanding of enterprise information security risk management.
InfoSec Registered Assessors Program
The program, run by the Australian Signals Directorate, that assesses ICT environment for processing and storing classified data. Security Centric has multiple assessors to satisfy resource demands.
Security Cleared Personnel
Consultants and engineers maintain SECRET or TOP SECRET security clearances. This means those personnel discovering vulnerabilities in your systems are properly vetted.
Payment Card Industry Qualified Security Assessor
Audit and certify environment processing and storing credit card transactions.