Can hackers easily gain access to your company's IT system?
Do you know what could happen if malicious hackers attempted to access your infrastructure, harvest passwords and data from your employees, or steal your customers’ details?
The results could be catastrophic. Security breaches and service interruptions are expensive for business - the average cost of a data breach for an affected company is now $3.5 million*.
Regardless of their size, location, status or industry sector, no company is immune to vulnerabilities.
Penetration Testing is an effective risk-management process which can identify the areas of vulnerability within your organisation's system so that you can eliminate the threats posed by hackers.
- What is Penetration Testing?
- Type of testing typically required
- Why perform Penetration Testing?
- Key Features
What is Penetration Testing?
A Penetration Test is a ethical means of hacking a computer system- it simulates a real-life attack on a computer system, network or organisation from either an internal or external perspective. Penetration testing allows you to test your entire infrastructure for security vulnerabilities so that you can be sure that your company's IT systems are secure from any internet based attack. There will be no damage to the infrastructure being tested; the aim is to highlight the risk associated with the company's computer systems.
An automatic vulnerability assessment does not use human interaction whereas Penetration Testing makes use of intelligent behaviour accompanied by real-life comments from the highly skilled CHECK certified testers.
Your system will be declared either: Critical, High, Medium or Low risk once testing has been completed and you will receive an in-depth report outlining the test's findings and steps for complete remediation.
Type of testing typically required
An external penetration test is designed to be an imitation of a real hack attack; the tester is "blind" and is not provided with any knowledge of your
organisation's infrastructure beforehand.Each individual vulnerability can be targeted to test your company’s IT systems against any form of external internet based attack.
Our investigations for an external test could include any of the following:
- External network testing
- Remote access review
- Website testing
- Web Application testing
- Mobile Application testing
- Source Code review
Internal Penetration testing takes place from the perspective of an attack with inside knowledge of the IT infrastructure and both known and unknown vulnerabilities are targeted. The tester will be provided with varying levels of information concerning the internals of the systems being tested (user credentials, IP addresses, source codes, network protocols and diagrams..). This type of assessment will expose any potential issues that may allow a server to be compromised by a user already working within the internal network.
Our investigations for the above test could include any of the following:
- Internal Infrastructure testing
- Laptop/workstation Review
- Server Review
- Wireless Vulnerability Assessment
- Mobile Device testing
Website Application Penetration Testing is a full test on the chosen website including testing for OWASP most common vulnerabilities. A web application test employs different software testing techniques to find "security bugs" in server/client applications of the organisation from the Internet.
Additionally, we also provide PCI DSS ASV Scanning, an external scan of your infrastructure related to card payments, and Social Engineering which includes Remote Social Engineering, Perimeter & Internal Security Review and a Physical Building Access review.
Our Penetration Tests can be occur in three different ways, and as this isn't a one-size-fits-all solution, we will always strive for the best approach based on your specific needs.
- 'Black Box' testing - the tester is not provided with any previous information regarding the target system and this type of testing simulates a real-life hacking scenario.
- 'White Box' testing - the tester receives information regarding the system in advance, and this allows for a precise and comprehensive testing of the entire infrastructure.
- 'Grey Box' testing - a combination of Black and White testing. Partial information (IP addresses, low-level user credentials...) is provided to the tester in advance, in an attempt to increase their access levels to the system.
Contact one of our Web Security Consultants on firstname.lastname@example.org or 1-800-511-9176 to discuss the best solution for you as well as the other Penetration Testing services we provide.
Why should you perform Penetration Testing?
Our highly trained and experienced security and penetration testing specialists will investigate the strength of your infrastructure, networks, applications and policies. They will assess the resilience of your security controls, and identify any areas which could be exploited by a hacker.
Based on a signed agreement between the tester and organisation, our in-depth tests provide assurance that companies can operate at a level of security that is suitable for handling sensitive information.
Our special Partners
We work alongside special partners who hold CHECK status and are Tigerscheme certified. The highly skilled penetration testing specialists are either SC (Security Check) or DV (Developed Vetting) cleared, so you are guaranteed the highest level of quality, consistency and confidentiality.
- Ensure 'Security Best Practice' is in place in your business
- Simple set up and implementation
- Signed agreement between you and and your tester outlining the agreed scope they are authorised to test
- On-going help and support - your dedicated Account Manager and Tester available to you through the entire testing process
- Fast reporting time - receive your report within just 3 days
- In-depth report including a Management Overview, Technical Overview and full post-testing remediation solutions - designed for each department in your organisation (IT, Management, Administration)
SSL247® are accredited experts with over 12 years experience in the Web Security industry and a variety of accreditations including the EMEA Symantec Champion Award 2014 and the ISO 27001:2013 certification. We specialise in Online Business Continuity.
Get in touch with us today
For more information on how Penetration Testing can protect your business contact our friendly accredited consultants today for a no-obligation discussion:
*2014 Cost of Data Breach Study: Global Analysis