Penetration Testing allows you to identify where the weak-points in your security are. It is considered best practice by numerous security standards include ISO27001, as a requirement of GDPR and any business regulated by PCI-DSS, FCA or other bodies to have a Penetration Test carried out at least annually by a competent, and independent external third party.
Conducting Penetration Testing against your people, processes, property and technology will gain you an insight into how well security operates throughout your business and how well you can withstand an attack.
We use our global reach and research insights to collect, process and analyse how threats are evolving. This allows you to stay informed with general threats, industry specific threats and targeted threats to your organisation.
What sets our Penetration Tests from others
Our Penetration Testing service is different from many of the other penetration testing services available today. Our key difference in the market place is our team, their mixed skill sets and diverse experience.
We know every client is different, so is every Penetration Test. We tailor every test to your requirements and needs. We will take time to understand your business, why you need testing and how best to deliver the perfect test for you.
Every step of the way through your penetration test you will have direct access to your tester and, where we are working on a team based engagement, you will have direct access all the time to the team leaders.
We have an extensive repository of custom developed tools and exploits at our disposal that can be used to bring to life the advanced attack techniques of the chaotic actors that may target your business. These, coupled with our unique reporting style, means you are ensured the very best testing results and experience.
Download our penetration testing brochure to find out more information on our penetration testing services.
Penetration Testing Process
At a high level, there are four stages to our general penetration tests. These are Scoping, Testing, Reporting and Review. This can be seen on the right in our typical penetration test process flow.
The most important part when considering your penetration test is the scope. The scope is what defines which objects or assets require testing.
Defining a scope can be relatively simple. The whole scope may be a single system or application where the boundaries are clearly defined. In other cases the scope will be more complex. For example, when conducting a PCI-DSS penetration test the scope must meet the requirements of section 11.3 of the PCI-DSS. In this example it will need us to verify the scope for testing to ensure that the scope adequately covers all in-scope systems.
For simple requirements we can typically scope a test accurately via a phone call or email, more complex tests will require a scoping form to be completed.
The testing phase is where all our skill and experience come into play. Communication is key to the delivery of a good security testing engagement. You will receive communication from your tester at intervals defined during the Pre-Test discussions. Typically this will be towards the end of each day.
Arguably the most complicated part of the engagement, this can sometimes be one of the most time consuming phases. Reporting takes all of the raw technical output from the test and turns it into a readable document. Depending on the type of test booked, there may additionally be csv files of vulnerabilities, screen casts of exploitation in action and access to a private file repository to download files.
Our review process is tough for our testers. Every report will be reviewed by either our senior team leader or our CEO. During the review they will look at each vulnerability identified and exploit performed to ensure that the penetration test achieved the best results within the time-frame of the scope.
Penetration Test Report
Reporting is vitally important to every penetration test. We often get asked by clients why one third of the time assigned to a test is dedicated to creating the report, and the answer is simple. The report is the single tangible piece you receive at the culmination of your penetration test.
We approach reporting in a different way to many of our peers. Your main report is split into three sections.
While these three sections constitute the Penetration Test Report, we also provide you with a CSV file containing all the verified vulnerabilities to aid your technical teams in the remediation of the vulnerabilities.
Wherever possible, we also include links to downloadable video files for particular exploits so you can watch the penetration tester performing the exploitation and understand how the exploitation works.
All of this combined provides you with the most comprehensive penetration test report available to date.
Purchase Penetration Testing Online
We have a number of Penetration Testing services available quickly and easily.