Our consultants will work with you to identify the scope of the test and discuss the various options available to you. We will also look at your timescales and match your needs to one of our testers, or if they are more appropriate, a tester from one of our partners.
A Penetration Test or "Pen Test" will try to attack and penetrate your systems using the same tools and techniques that a hacker would, these are mostly manual. If vulnerabilities are found, an attempt will be made to exploit them and enter the exposed system and, where permitted, move laterally through your network. Unlike a hacker, our testers have very strict rules of engagement and a scope defined by you within which to work. Our testers liaise with you before transgressing from the scope to ensure your systems are not harmed and that you are comfortable with their actions.
The output of the Pen Test is a report on the findings and recommendations on what you can do to remediate any problems which were identified. Our consultants will also be on hand to explain the report and assist in remediation if required.
Industry best practice suggests that you use a different Penetration Testing Company for each test, which are usually undertaken at least annually. In order to retain your business and ease your experience, we have partnered with some other Pen Test suppliers. This allows us to rotate in a different team for every test, allowing you continuity of procedure while also remaining compliant, if this is your desire.
Some examples of the different types of Penetration Testing which we will undertake are as follows:
- Web & Infrastructure
- Application Security
- Database Security
- Social Engineering
- VPN / Remote Access Security
- VOIP Security
- Wireless Security
- Mobile Application Security
- Source Code Review