Penetration testing

Don't wait for an attacker to find your security vulnerabilities.

Do you know what your company looks like to a hacker? An attacker’s perspective provides invaluable insight into your weak points and how to mitigate them. Our team of ethical hackers and security researchers focuses on finding and helping you mitigate vulnerabilities and reducing your company’s attack surface.

Getting the terms straight

Testing for every environment, customised to your requirements.

Generally speaking there are three categories of security testing. Deciding which is the appropriate means of testing the current security preparedness of an organization depends on the motivation, timeframe and budget.

Vulnerability assessment

A vulnerability assessment has both an automated and a manual component. A security tester scans the corporate network to locate, categorize and rank the organization’s security vulnerabilities. Since automated scanning invariably produces false positives, manual verification of important vulnerabilities is also performed.

Penetration testing

A penetration test is goal-oriented. Building upon the results of vulnerability scanning, the ethical hacker attempts to exploit strategic vulnerabilities in order to infiltrate the corporate network and achieve a set of concrete objectives. These objectives usually focus on an organization’s critical systems, and serve to demonstrate the importance of instituting appropriate security measures.

Red team assessment

Red teaming differs from standard pentesting in scope, timeframe and objective. Red team engagements usually involve a team of testers, each bringing a specific skillset such as intel gathering, social engineering, or web application hacking. They last several weeks or longer, and are geared toward testing your organization’s detection and response capabilities in a real-world scenario.

Methodology
A standards-based security testing approach.

As threat actors have evolved over the years, the business of pentesting has evolved with them, mirroring and sometimes pre-empting their methods and findings. A pentest must be a thorough examination and verification of an organization’s security preparedness, and several standards – such as the Penetration Testing Execution Standard (PTES) – have been developed to ensure a systematic approach to testing.

Before the testing commences, the scope of the project must be discussed and defined: what is to be tested, which attack vectors are to be used, and the timeframe and cost structure.

Reconnaissance is performed against the targets which are within scope, with an eye towards any information that may be useful within the testing scenario. Both open-source (OSINT) and proprietary intelligence sources may be utilized.

Automated network and web-application scanning is used to discover weak points and vulnerabilities in the target network infrastructure. Manual validation is performed on vulnerabilities which may be used during an attack.

An attack plan is developed and executed based on the above vulnerability analysis, utilizing the latest hacking tools and techniques. The goal is to bypass security measures and gain access to restricted networks or resources, as dictated in advance by the pre-engagement scoping phase.

Once a target device within the corporate network is exploited, the security tester may pivot to exploit further devices by utilizing the compromised machine, as well as attempting to escalate their privileges on the compromised device to gain as much access as possible.

The post-test report has two main sections. The first is an executive summary of the findings, with a focus on describing the most business-critical points. The second part details each vulnerability found and/or exploited, with a severity rating, and appropriate mitigation strategies.

Deliverables

We've received our report. Now what?

The report issued to your team at the end of a testing engagement is arguably the most important part of the project. Yet within the security industry, ethical hackers can often be heard complaining that their post-testing advice goes unheeded, leaving them to re-discover the same security flaws in an environment year after year. We want to make sure your organization gets the full return on your security investment.

A post-test debriefing is scheduled with your team to discuss all results and recommended mitigation steps. A brief, focused follow-up test can be scheduled, for a minimal additional fee, to verify that the proper mitigation steps have been taken.

Security Testing FAQ

The scope and objectives of each security testing engagement are determined by a consideration of several variables:

A Penetration Test is a more complex undertaking than a Vulnerability Assessment, as it involves attempting to actively exploit vulnerabilities, most often those discovered through semi-automated vulnerability scanning of the target network. It involves human expertise that is less susceptible to being automated, and therefore may require a somewhat longer timeframe.

One of the main advantages of a pentest is that vulnerabilities discovered during automated scanning are assessed for their validity in the client’s network and computing environment. When multiple medium- to high-risk vulnerabilities are discovered during the scanning phase, they can be prioritized according to their real potential impact on the organization’s security posture. Pentesting can verify that what has been categorised as a vulnerability in general is indeed a risk and a potential attack vector within the specific environment and context of the organization being tested.

A pentest can also be used by security champions to support their request for more robust security measures to be implemented across an organization. The penetration test can provide an easy-to-understand, concrete example of the kind of damage a hacker could inflict were they to target the organization.

The usual focus of a red-team engagement is testing and thereby helping to tune an organization’s defensive capabilities. Companies often spend significant sums in security technology purchases as well as security personnel salaries and training. Red-team engagements can help the organization verify that their budget is being spent in a way that produces maximal security value, and to provide relevant and detailed findings to optimise these investments as needed. For a company to extract the most value from red-teaming, it should usually already be on the way to a mature security posture, with at least the basics of a Security Operations Center – for example, a continuous security monitoring program – in place.

There are two basic perspectives from which a security tester can begin: either by looking at a company from the “outside” – testing its external, internet-facing perimeter – or from the “inside” – testing the controls a company has in place within its security perimeter. Internal testing is typically conducted by the client giving access to a virtual machine within their security perimeter, from which the tester can begin to verify internal security controls.

While the motivation for an external security assessment or pentest is clear – determining what security vulnerabilities or weaknesses would potentially be visible to a threat outside the company – the motivation for an internal test may be less so. 

An internal test is useful in a two-fold manner: it tests the internal security controls against a potential insider threat, as well as against an external threat actor who has succeeded in bypassing an organization’s internet-facing perimeter and defenses. In either of these situations it is critical to ensure that the damage such a threat actor can inflict is minimized – through network segmentation, access controls based on the principle of least privilege, and other critical security mechanisms and policies.

A vulnerability scan, which forms the basis of a Vulnerability Assessment as well as, very often, a crucial stage in a Penetration Test, comes in two varieties: non-credentialed (non-authenticated) and credentialed (authenticated). A network scanner can scan the various hosts (devices) on a network either as an outsider would – a threat actor who has no privileged access to any of the devices – or as an insider, usually an admin user. Performing the scanning as an admin user allows the scanner to achieve a significantly higher degree of visibility into the inner workings of the network.

Yes. We can provide an Attestation as to the performance of appropriate security testing if your organization is asked for one as part of a VSR/A (Vendor Security Review/Assessment) or for any other reason.

Book a Test Today

Let us help fill the gaps in your corporate security posture.
Or call us to speak to an expert now:

+1 212 643 1850