A broad snapshot of the technical vulnerabilities present in the network or system. The goal of the test is to enumerate known vulnerabilities present in the systems being assessed.
A pre-arranged attack against an organization’s Internet-facing systems, networks or applications with a specified goal in mind. Typically, the goal is to gain unauthorized access to data or resources by circumventing controls that are in place.
Not be confused with a simple network vulnerability scan, a good penetration test involves scanning , manual testing and exploitation. Our skilled testers often chain exploits together to achieve specific goals, such as obtaining Domain Administrator access, accessing credit card information, or targeting other “crown jewels” such as HR or Payroll system or PII information.
In-depth assessment of your security-critical web applications. Web Application Penetration testing evaluates the security posture of an application across the development life cycle, enabling you to identify, eliminate, and prevent security risks in the applications that drive your business. This review would include your specific business goals and security control objectives as part of its analysis, iving you assurance the controls in your environment meet the requirements of your business partners, stakeholders, and relevant regulatory bodies.
Web services or APIs allows applications to expose programmatic interfaces that can be used by other integrated applications. The web services are often hosted on an internal network, but with the increasing popularity of mobile or web applications, many web services are being exposed to the Internet. These factors combine to mean that increasing number of threats are targeting such interfaces, meaning they should be included in any vulnerability analysis.
Mobile applications are universal and are often used to access sensitive information and functionality. These mobile applications can present serious security exposures, including insecure storage and transmission of sensitive information and/or sensitive client-side business logic, and mobile platform-specific vulnerabilities on hand-held devices.
Wireless networks are an extension of your organization's infrastructure perimeter and should be tested thoroughly. While their use eases the job of networking and connecting computers, it is also easy for a malicious perpetrator to get into the network over wireless infrastructure.
Provide a clear picture of what a skilled and determined perpetrator could accomplish when attempting to breach your organisation’s physical security along with practical advice on how to improve your physical security posture. Physical penetration testing is often bundled with network penetration testing to provide a holistic view of your overall security posture.
People are often the weakest link in security. As a result of busy workdays coupled with improper training, people can often be manipulated into providing access or giving away sensitive information. Including social engineering as part of any significant penetration test can provide insight into the real threats posed.