Wireless Penetration Testing
- Highly trained and certified wireless specialists
- Proven penetration testing methodology
- Covers all wireless technologies
- Optional on-site retest
Wireless Penetration Testing Service
Wireless Penetration Testing allows you to identify where the weak points in your wireless security are. Numerous ISO standards consider it best practice, and PCI-DSS, FCA and other regulatory bodies make it a requirement of business, to have a Penetration Test carried out at least annually by a competent, independent external third party.
Conducting Penetration Testing against your wireless infrastructure will allow you to ascertain how well protected your wireless users and guests are, and how resistant the infrastructure is to attack.
We carry out a wide variety of attacks against your wireless setup and users in order to isolate potential issues with configuration, security and setup. As with all our penetration testing methods, after completion you'll be provided with a report highlighting all the weaknesses and configuration issues discovered.
Wireless Testing Methodology
Our wireless penetration method covers 3 main areas: Discovery, Assessment and Exploitation.
- Discovery: We start by exploring the wireless infrastructure, finding out the protocols in use, how the network is configured, the network boundaries and authentication methods.
- Assessment: With an understanding of the wireless infrastructure, we can start to probe and test its capabilities to help us identify vulnerabilities in the configuration and setup.
- Exploitation: Having tested the infrastructure and found any loopholes, we now begin exploiting them with a view to showing you the impact and scope of the issues found and presenting you with a demonstration of our attack method.
We Love Reporting
Reporting is vitally important to every penetration test. We often get asked by clients why one third of the time assigned to a test is dedicated to creating the report, and the answer is simple. The report is the single tangible piece you receive at the culmination of your penetration test.
We approach reporting in a different way to many of our peers. Your main report is split into three sections.
- Executive Report
- Technical Report
- Vulnerability Report
While these three sections constitute the Penetration Test Report, we also provide you with a CSV file containing all the verified vulnerabilities to aid your technical teams in the remediation of the vulnerabilities.
Wherever possible, we also include links to downloadable video files for particular exploits so you can watch the penetration tester performing the exploitation and understand how the exploitation works.
All of this combined provides you with the most comprehensive penetration test report available to date.
Our methodology is based on the Penetration Testing Execution Standard.
Defining scope is arguably one of the most important components of a Penetration Test, yet it is also one of the hardest. While defining your scope, we will require a technical scoping call between one of
We will also look to understand what you want out of the test. Is it a test to satisfy your clients or regulators etc. This
This section defines the Intelligence Gathering activities of a Penetration Test which is usually carried out as the first activity following the placement of an order. The purpose of this is to provide the tester with a working methodology designed specifically for performing the test. This part of the engagement produces a document that most clients never see, detailing the thought process and goals of the penetration test.
The Intelligence Gathering process can be broken down into the below areas:
Compliance Driven Engagement: This is mainly a click-button information gathering process using a series of automated tools and is done to support tests being undertaken for PCI-DSS / FCA / HIPAA etc.
Best Practice Engagement:
Continual Cyber Assurance: These Penetration Tests require greater levels of information and build on the previous two with a lot of manual analysis. Detailed information on social networks, heavy analysis of open source intelligence data sets, deeper understanding of business relationships are undertaken over a large number of hours to accomplish the gathering and correlation.
Vulnerability Analysis is the process of discovering flaws in systems and applications which can be leveraged by an attacker or your Penetration Tester. These flaws can range anywhere from host and service misconfiguration through to insecure application design. Although the process used to look for flaws varies and is highly dependent on the particular component being tested, some key principles apply to the process.
When conducting vulnerability analysis the tester will properly scope the testing for applicable depth and breadth to meet the goals and/or requirements documented in the Pre-Engagement scope section of work. Depth values can include such things as the location of an assessment tool, authentication requirements, etc. For example, in some cases it
Whatever the scope, the testing is tailored to meet the depth requirements to reach your specified goal.
The exploitation phase of a Penetration Test focuses solely on establishing access to a system or resource by bypassing security restrictions. As a considerable amount of vulnerability analysis will have been performed prior, this phase is well planned and precise. The main focus is to identify the main entry point into the organisation and to identify
The purpose of the Post-Exploitation phase is to determine the value of the machine compromised and to maintain control of the machine for later use. The value of the machine is determined by the sensitivity of the data stored on it and the machine's usefulness in further compromising the network. The methods described in this phase are meant to help the tester identify and document sensitive data, identify configuration settings, communication channels, and relationships with other network devices that can be used to gain further access to the network, and
This is the most important area for you. This is where we bring together all the information we have gathered into a document. A report is typically split into three parts:
Executive Report: This is a high level non-technical report and delivers the main messages of the test results. This section is heavy on management level terminology, charts
Penetration Test Report: This is the critical information around your Penetration Test. Here we document what we did, how we did it and whether or not it was successful.
Technical Report: This is the technical detail on each of the issues found and an overview of how to fix the issue.
Completing the reporting phase can take up to a week, as we have a highly robust 3-stage Quality Assurance process.
Frequently Asked Questions
We get a lot of questions asked of us regarding Penetration Testing. We have tried to gather as many of the frequently asked questions together here.
- Penetration Test or Vulnerability Assessment, I'm confused. What do I need?
Great question. The vulnerability assessment is akin to looking at a house and writing down the make of the locks and the location of the doors and windows, all the time checking to make sure they are closed and seeing if they are locked or not. A penetration test will attempt to pick those locks, open the doors and see what is behind them. The good penetration test will also try to build tunnels from the house to their house, create an inventory of all your possessions and many other things besides.
- I have a mate who can test, what makes you better?
Almost everyone has a friend, peer or colleague who understands a little about security. We test 7 days a week, 365 days a year, and each tester spends a third of their time at conferences, on courses and doing research to stay at the top of their skill set. It is like comparing a race car engineer (the penetration tester) to a car garage engineer (the IT generalist with some tools) to the home garage hobbyist (the friend). Occasionally, the friend will have excellent levels of skills, but this is the exception, not the norm.
- What tools do you use for a penetration test?
Our primary "tool" is the Mk1 Human. In our testers' arsenal are over 200 open-source tools bolstered by more than 50 internally developed tools. On an average penetration test, 20% of the tester's time will be spent working with tools. These are important for covering a lot of digital ground in a small amount of time.
- Does your Gray Box Penetration Test include Black Box?
Yes, we perform the Black Box Penetration Test first, then perform the Gray Box. Our report shows which test the finding is linked to and which role, if we test multiple user roles for the Gray Box test.
- How often should we have a Penetration Test?
The best practice guideline is at least annually, but it really depends on what it is you are testing. If your environment is static and does not change, and you perform monthly vulnerability scans, then you are reasonably safe in having a penetration test every three years. If you are including applications that change often within your test scope, then you should be testing those applications separately after development and before UAT.
- What type of Penetration Test is done as part of the Cyber Essentials audit?
We are asked this question almost every week. Cyber Essentials and Cyber Essentials Plus include within the audit process a Vulnerability Assessment only. A vulnerability assessment is not a penetration test.
- We have regular vulnerability tests. Why do we need a penetration test?
A vulnerability assessment is one of the phases of the reconnaissance phase of a penetration test. In the grand scheme of a penetration test, the vulnerability assessment phase constitutes about 5% of the test.
- I want a Penetration Test, how much will it cost?
In order to determine the cost, we need to have a discussion about the scope. While some firms will give you a quote blind, it is like asking a painter to paint a building in London without knowing which building and what type of paint. There are a lot of variables and these can only be fleshed out via a scoping conversation with one of our test team leaders.
- How do we know you are any good?
For the first engagement this is always a worry for clients. We are a CREST member company with a number of OSCP and OSCE qualified staff. Our engineers have a wide variety of experience covering multiple disciplines. Have a look at our testimonials to see what our clients think. But the main thing is we actually care about our clients and their security.
- When do you issue the certificate?
We typically issue the certificate after we perform the re-test, if included. This allows you to fix any issues we identify in the initial penetration test.
- Can I talk to a tester regarding my test and re-test results?
Of course. We positively encourage you to contact us if you have any questions about your testing results, or if you need pointers for a fix or any explanation of the findings.