Penetration Testing

What is a Penetration Test?

A Penetration Test is an authorised ethical hacking exercise against an organisation’s infrastructure, applications and staff. The aim of the test is to improve security by discovering areas that are susceptible to compromise and reducing vulnerabilities.

Our Methodology

Types of Penetration Testing

Web Application/API Penetration Testing

Test the security of your web applications and APIs to identify vulnerabilities in code and configuration.

External Penetration Testing

Test your internet-facing servers and services against external threats to prevent unauthorized access.

Internal Penetration Testing

Assess the security of your internal network to detect and fix vulnerabilities that could be exploited by insiders or breached accounts.

Mobile Penetration Testing

Test your mobile applications to uncover security flaws and ensure data protection for users.

Wireless Penetration Testing

Test your wireless networks to identify security weaknesses and prevent unauthorized access.

Cloud Penetration Testing

Test the security of your cloud environment to detect misconfigurations and vulnerabilities that could be exploited by attackers.

Continuous Penetration Testing

Continuous penetration testing provides ongoing security assessments to identify vulnerabilities in your systems, applications, and networks on a regular basis. Unlike traditional penetration tests that occur at a single point in time, continuous testing offers real-time insights into your security posture by simulating attacks throughout the year. This approach ensures that newly discovered vulnerabilities and emerging threats are promptly identified and addressed before they can be exploited.

By integrating continuous penetration testing into your security strategy, you benefit from constant monitoring and a proactive defense against cyber threats. It helps you stay ahead of attackers by regularly testing your infrastructure, detecting weaknesses as they arise, and enabling swift remediation to maintain a robust security posture.

This service is particularly suited for organizations with dynamic environments, such as those regularly deploying updates or new features to their web applications and SaaS platforms. Continuous testing ensures that any vulnerabilities introduced through development cycles or infrastructure changes are swiftly identified and remediated, maintaining the security integrity of the product.

Red Team

Red team assessments simulate real-world, advanced attacks by highly skilled adversaries to test the effectiveness of your organization’s defenses. The goal is to challenge your security systems, detection capabilities, and incident response processes under realistic threat scenarios. A red team goes beyond vulnerability scanning by employing tactics, techniques, and procedures used by sophisticated attackers, including stealthy methods to bypass your security controls.

Red teaming allows your organization to experience a true test of resilience, uncovering weaknesses that may not be revealed through standard testing. It’s an excellent way to evaluate how well your security team can detect and respond to an advanced attack and provides actionable insights to improve overall security maturity. This service is critical for businesses seeking to bolster their defenses against highly targeted or persistent threats.

Social Engineering

Social engineering tests assess how vulnerable your organization is to manipulation tactics that exploit human behavior. These tests evaluate your staff’s ability to recognize and respond to various forms of psychological manipulation used by attackers. Below are some common social engineering techniques:

Phishing

Attackers send fraudulent emails designed to trick recipients into revealing sensitive information or downloading malicious software.

Spear Phishing

A more targeted form of phishing, where attackers customize the email to appear as though it’s from a trusted source, making it more convincing.

Vishing (Voice Phishing)

Attackers use phone calls to impersonate trusted entities (e.g., IT support, banks) and trick individuals into revealing confidential information.

Smishing (SMS Phishing)

Similar to phishing but conducted through text messages. Attackers send malicious links or requests for personal information via SMS.

Physical Social Engineering

Attackers attempt to gain unauthorized physical access to secure areas by exploiting trust or manipulating security staff through methods like tailgating or impersonation.

Our Approach

Customer First

We understand your requirements and prioritise your goals. Our team will work hand in hand with you throughout the entire process so you get the most out of your testing exercise.

Testing Guidelines

Testing Standards

  • The Open Web Application Security Project (OWASP)
  • The National Institute of Standards and Technology (NIST)
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Penetration Testing and Execution Standard (PTES)
  • Penetration Testing Framework
  • Australian Government Security Policies and Guidelines

Comprehensive Results

At the end of the exercise, we will deliver a detailed executive and technical level report. The report will include all the findings of the testing and can be used both for remediation of the findings and as a high-level reporting document for the executive team. We will also provide you with a certificate of completion.
