Penetration TestingA penetration test, also known as a pentest, consists of auditing networks, computers and software in order to identify security vulnerabilities. Using our tried-and-tested approach, the entire process is carried out from a real attacker's perspective and it is often intrusive - involving exploitation of potential security breaches.
AdvantagesA penetration test is helpful for a number of very good reasons, such as
- Finding security weaknesses before others do - and by ‘others’, we do not mean those nice people who would fix them for you
- Validating existing security measures, policies and IT/InfoSec personnel skills
- Ensuring compliance with regulations and standards e.g. PCI DSS, ISO/IEC 27001
Our approach and methodologyOur team consists of people who are experienced at what they do and, even more importantly, who enjoy what they do - without relying on automated tools. While automated scanners are useful to get a broad security view, it is those ‘small’ details that are usually the ones which lead to a full system compromise.
Our main advantage comes from our complete understanding of how real attackers operate: we know exactly what they do in order to compromise your valuable data - and how they do it. Therefore, our pentest service is tailored to real-world attacks rather than following testing instructions by the book.
ResultsWhat we don’t do is provide a 200-page report bloated with descriptions of TCP ports, trace-route output and fancy pie-charts. We much prefer to keep it simple, focusing on the information that is relevant to you, and which should help you secure your assets. This essentially means
- A description of vulnerabilities found
- PoC exploits, proof of exploitation (e.g. screenshots)
- Solutions and fixes
Trust and commitmentDealing with sensitive information such as potential vulnerabilities is something we take very seriously. This is why we
- always sign an NDA with our customers
- do the remote tests from a physically secured location
- deliver reports in encrypted form, which are deleted once they are sent
- ensure that all tests are done in a disposable virtual machine, which is erased upon finishing the tests
Simply put: you pay less if you are already secure.
Contact us for more details about our Penetration Testing services.