Are you making it easy for hackers to gain access to your organisation's system?
Do you know what could happen if malicious hackers attempted to access your infrastructure, harvest passwords and data from your employees, or steal your customers’ details?
The results could be catastrophic. Security breaches and service interruptions are costly - the average cost of a data breach for an affected company is now $3.5 million*.
Regardless of their size, location, status or industry sector, no company is immune to vulnerabilities.
Penetration Testing identifies all areas of vulnerability within your system and helps you eliminate the many threats from hackers.
What is Penetration Testing?
A Penetration Test is a simulation of a malicious attack on a computer system, network or organisation from either an internal or external perspective, performed under 'real-life' conditions. Penetration testing allows you to test your entire infrastructure and ensure that your company's IT systems are secure from any internet based attack. The aim is not to destroy or damage a company's infrastructure but to underline the level of risk that exists within the company.
Unlike an automatic vulnerability assessment, which involves little to no human interaction, Penetration Testing uses intelligent behaviour and includes real-life comments from the highly skilled CHECK certified tester.
At the end of the testing your system will be declared either: Critical, High, Medium or Low risk and you will receive a detailed report including the test's findings and remediation solutions.
Type of testing typically required
An external penetration test mimics the real actions of a hacker; the tester is "blind" and has no prior knowledge of your organisation's infrastructure. This allows you to address each specific vulnerability and ensure that your company’s IT systems are secure from any external internet based attack.
Our investigations for an external test could include any of the following:
- External network testing
- Remote access review
- Website testing
- Web Application testing
- Mobile Application testing
- Source Code review
Internal Penetration testing involves finding and exploiting actual known and unknown vulnerabilities on your internal network from the perspective of an inside attacker. The tester is provided with information about the internals of the systems being tested (user credentials, IP addresses, source code, network protocols and diagrams, etc.). The assessment reveals any potential issues that may allow a server to be compromised by a user already on the internal network.
Our investigations for the above test could include any of the following:
- Internal Infrastructure testing
- Laptop/workstation Review
- Server Review
- Wireless Vulnerability Assessment
- Mobile Device testing
Website Application Penetration Testing is a full test of the nominated website, including testing for the most common OWASP vulnerabilities. A web application test employs different software testing techniques to find "security bugs" in the organisation's server/client applications from the Internet.
We also provide PCI DSS ASV Scanning, an external scan of your infrastructure related to card payments, and Social Engineering which includes Remote Social Engineering, Perimeter & Internal Security Review and a Physical Building Access review.
Our Penetration Tests can be conducted in three different ways, and we will always advise you on the best approach based on your specific requirements.
- 'Black Box' testing - no previous information regarding the target system is supplied to the tester, which simulates a real-life hacking scenario.
- 'White Box' testing - all information regarding the system is provided in advance, resulting in a precise and thorough testing of the entire infrastructure.
- 'Grey Box' testing - a combination of Black and White testing. Partial information (IP addresses, low-level user credentials...) is provided to the tester, in an attempt to escalate their access levels.
Contact one of our Web Security Consultants on email@example.com or (London office) to discuss the best solution for you as well as the other Penetration Testing services we provide.
Why perform Penetration Testing?
Our expert, highly skilled security and penetration testing specialists can examine the robustness of your infrastructure, networks, applications and policies to assess the resilience of your security controls, and to identify all the areas that a hacker could exploit to gain unauthorised access.
Based on a signed agreement between the tester and organisation, our in-depth tests provide assurance that companies can operate at a level of security that is suitable for handling sensitive information.
Our special Partners
We work alongside special partners who hold CHECK status and are Tigerscheme certified. The highly skilled penetration testing specialists are either SC (Security Check) or DV (Developed Vetting) cleared, so you are guaranteed the highest level of quality, consistency and confidentiality.
Key Features
- Ensure 'Security Best Practice' is in place in your business
- Easy to set up and implement
- Agreement between customer and tester outlining the authorised scope to test
- On-going support - your dedicated Account Manager and Tester available to you before, during and after testing
- Quick reporting time - receive report within just 3 days
- In-depth report including a Management Overview, Technical Overview and full post-testing remediation solutions - suitable for each department in your company (IT, Management, Administration)
SSL247® are accredited experts with over 12 years' experience in the Web Security industry and have achieved a variety of accreditations, including the EMEA Symantec Champion Award 2014 and the ISO 27001:2013 certification. We are specialists in Online Business Continuity.
Get in touch
For more information on how Penetration Testing can benefit your business just get in touch with one of our friendly accredited consultants for a no obligation discussion:
*2014 Cost of Data Breach Study: Global Analysis