
What is Penetration Testing?

Penetration testing is an attack simulation conducted in accordance with guidelines, closely demonstrating real-world attacks that organisations face daily. 

This test seeks to identify vulnerabilities, weaknesses and misconfigurations within the current security setup that could enable a malicious actor to compromise the systems within an organisation.


More importantly, it identifies security weaknesses that can lead to the compromise of confidentiality or integrity, or the loss of availability, of business data.


Penetration Testing assists with

IDENTIFYING AREAS FOR IMPROVEMENT

Covering unsupported software; outdated software; unsupported hardware; weak security configurations; lack of staff awareness around security; and many more.

PROVIDING BUSINESS ASSURANCE

Allowing organisations to adequately address these areas for improvement by implementing a flexible and effective control framework with real-time monitoring capabilities.

CUSTOMER CONFIDENCE

An indicator of the degree of optimism you will feel about the overall state of your security posture, which will be improved after applying the recommendations that follow the penetration test.

CONFIDENCE FOR YOUR CLIENTS

If your current or new clients know you have undergone a penetration test, and you have acted on the recommendations, then this will provide more confidence for them to utilise your services.

"Only 52% of large businesses and 23% of high-income charities carry out penetration testing"

Cyber Security Breaches Survey 2021

What can Penetration Tests be performed on?

Websites

Web application tests focus on vulnerabilities such as coding errors or software responding to certain requests in unintended ways.

Internal Infrastructure

Internal penetration tests focus on what a 'hacker' with inside access could achieve.

External Infrastructure

External penetration tests identify and test security vulnerabilities that might allow 'hackers' to gain access from outside the network.

Wi-Fi

If you use wireless technology, such as Wi-Fi, you should also consider wireless network penetration tests.

Applications

Application tests focus on vulnerabilities such as coding errors or application programming interfaces (APIs) responding to certain requests in unintended ways.

Social Engineering

Social engineering tests target people, using phishing, pharming and BEC (business email compromise) to gain access to target systems.

Frequently Asked Questions


  • How can I prepare for a Penetration Test?

    Unless we are doing a blind penetration test (where we know nothing about your network infrastructure and/or systems), you need to have an up-to-date network diagram and a data-flow map for your environment. You should also know what services should be open through your network or available through your web application. You don’t necessarily need to share all of this information with us, but it will help you be ready in case we run into an issue or require more information.

  • How long do Penetration Tests last?

    The duration of a penetration test can vary depending on what we are testing and how big the infrastructure and/or application(s) is. On average, most penetration tests take two to four days.

  • Can a Penetration Test be disruptive to my business?

    Depending on the type of tests we are carrying out, there is a possibility that the test can be disruptive. However, if we deem a process or exploit to be business disruptive, we will always seek approval (normally from the approved contact) before carrying it out. If most of the test is disruptive, we will perform the tests outside of working hours or normal operation.

  • How often should my business have a Penetration Test?

    We recommend that penetration tests are carried out at least annually. Sometimes, there may be requirements to have penetration tests every 6 months, or even quarterly. If you are unsure about how often you should carry this out, please contact us today and one of our Cyber Experts will be happy to help. 

  • What is the process of a Penetration Test?

    First of all, one of our Cyber Experts will carry out a scoping session with you. This will allow our testing team to understand what they are testing and what the goals of the test are. During this session, you will have an opportunity to discuss any special requirements you may have for the test – this may include the need for out-of-hours testing, any critical systems where special handling restrictions are required, or other issues specific to your organisation. 


    Once complete, the testing team will put together a plan of action detailing the scope and process of the testing along with any special requirements and key contacts during the testing windows. You will then need to sign this off.


    Then, at the agreed time and date, the penetration test will commence! During this time the testing team will stay in contact with the key contacts ensuring updates are being delivered. 


    Once the testing is complete, you will receive a report within 48-72 working hours after test completion. This report will detail the scope of the test, any vulnerabilities uncovered, how they were uncovered and remediation advice. As well as this, you will receive general security posture comments from our testers to advise how you can improve your business's security posture.


    Finally, once you have remediated all issues discovered, our testing team can come back in and carry out a re-test to ensure all vulnerabilities discovered have been patched.

  • What Penetration Testing methodology do you use?

    We use the CREST penetration testing methodology.

SPEAK WITH A CYBER EXPERT TODAY

Fill in the form or call us on 0333 305 0605 and one of our Cyber Security experts will be happy to assist you
