What is penetration testing?
Penetration testing is a simulated cyber attack designed to exploit the vulnerabilities on a network by replicating malicious activities. This is undertaken in a safe and controlled environment so that activity can be monitored.
This involves our team visiting your site, plugging into your network and attempting to access systems we shouldn’t be able to. This replicates what would happen if a malicious party got access to your systems via an external breach and then attempted to access your internal systems. It also demonstrates what would be possible for a malicious employee to achieve. In addition, if an internal employee’s account was compromised, e.g. via social engineering, it would show the level of damage that malicious party could achieve with the compromised account.
From a remote external location we attempt to access your internal systems via the internet, replicating the activities of a malicious hacker. We attempt access via systems such as your mail server, virtual private network, firewall and any other system you have which faces the public internet.
From a remote external location we attempt to compromise your web application e.g. identifying if we can access data we shouldn’t, which sits behind your website in databases. In addition, we try to install rogue code on your web server which we shouldn’t be able to. We also try to take control of the server hosting the website which could give us the ability to delete or copy the entire site and all the data.
Do you need a system penetration test?
Malicious hackers are continually trying to breach your systems to obtain personal and private data or intellectual property, or to lock your systems and data using ransomware. Sometimes you may be aware you have been breached, because the attack is obvious and widespread. But sometimes, you may have no idea until you are informed by your clients or law enforcement.
Breaches result in large financial loss through disruption to business, lawsuits being filed against you, loss of clients or large fines from regulatory bodies, not to mention damage to your reputation and thus future business. You need to know where to focus your efforts and funds to most effectively fortify your defences. This is the purpose of system penetration testing.
We set up as penetration testers with a simple goal: to discuss the vulnerabilities we find within the context of your business. When we finish penetration testing your systems we don’t just hand you a report and walk away. Instead, we meet and discuss the issues identified, look at how your infrastructure operates and together with your IT team and developers build a plan for how to fix the issues, prioritising those that are most devastating but with simple remedies.
We also work a little differently in our testing methods. We are academics as well as practitioners, so when we are not testing, we are researching vulnerabilities in our specialist labs. We examine not only technical issues but flaws with the business logic too, the subtle operational or process flaws. Ours are not simple textbook methods and we do not rely on point-and-shoot tools.
Our testers have CREST Registered Tester status and can perform tests to meet the Payment Card Industry Data Security Standard (PCI-DSS).