Protect your business with Penetration Testing
At a time when news of data breaches is becoming “the new normal,” the need for organisations to evaluate their overall risk and avoid becoming the next victim has become critical. Organisations simply can’t protect themselves from risks they’re unaware of. Additionally, many organisations are simply unsure where to start.
Penetration testing, often referred to as pen testing, is a systematic process that simulates a cyberattack on a business’s computer systems and networks to uncover vulnerabilities, allowing you to rectify them before malicious hackers can exploit them.
Cybersecurity Stress Test
Identify Weaknesses
Compliance Requirement
Rectifying Issues
Reducing Risk
Planning Phase
The preparation phase of penetration testing serves as the essential foundation upon which the entire cybersecurity assessment process is built. In this initial stage, meticulous planning, scoping, and resource allocation take precedence as organisations and ethical hackers collaborate to define the parameters and objectives of the assessment.
- Information Gathering – During the information gathering phase, we leverage several publicly accessible sources in order to gather as much information about the organisation’s environment as possible. This includes duplicate domains, IP address ranges (if possible), usernames and vulnerabilities listed on sites.
- Host Discovery – We use several techniques for host discovery, including ping sweeps and port scans. We make several attempts to identify active systems within the ranges provided. This list of discovered hosts is then used to facilitate the remainder of the penetration test.
- Enumeration – This is based on the ports that were found open during the host discovery process. This process is supported by a combination of tools, and we also analyse network-layer traffic to determine if any vulnerabilities can be discovered, such as the presence of broadcast protocols that may lead to exploitation.
Execution Phase
This phase involves a strategic blend of automated scanning, manual testing, and ethical exploitation of vulnerabilities. The overarching goal is to identify weaknesses before cyber criminals can exploit them and to provide organisations with a comprehensive view of their cyber security posture and how to rectify issues.
- Exploitation – With as much information enumerated as possible, our consultants perform exploitation, attempting to gain remote access to services or systems. We exercise extreme caution to only execute exploits that are known to be safe and avoid negative impact to the confidentiality, integrity, or availability of systems and/or resources.
- Post Exploitation – The objective of post exploitation is to gain as much access to the environment as possible, followed by the enumeration of sensitive information. Tools are used to parse the information that was extracted with the intention of discovering sensitive information such as credit card numbers, passwords, and more.
- Vulnerability Analysis – This includes performing a vulnerability scan across all systems that are accessible via the network environment using a database of known vulnerabilities. All vulnerabilities discovered during this process carry the severity rankings and other data extracted from the vulnerability scanner.
Vulnerability Discovery
Risk Mitigation
Cost Saving
Compliance Assurance
Improved Security
Get started
We’re here to support and guide your business through the whole Cyber Essentials process, which is often much quicker and less expensive than you thought. A simple survey of your current systems, processes and technology will help us plan your journey through to Cyber Essentials accreditation.