How can I prepare for a Penetration Test?

Unless we are doing a blind penetration test (where we know nothing about your network infrastructure and/or systems), you need to have an up-to-date network diagram and a data-flow map for your environment. You should also know what services should be open through your network or available through your web application. You don’t necessarily need to share all of this information with us, but it will help you be ready in case they we into an issue or require more information.

How long do Penetration Tests last?

The duration of a penetration test can vary depending on what we are testing and how big the infrastructure and/or application(s) is. On average, most penetration tests take two to four days.

Can a Penetration Test be disruptive to my business?

Depending on the type of tests we are carrying out, there is a possibility that the test can be disruptive. However, if we deem a process or exploit to be business disruptive, we will always seek approval (normally from the approved contact) before carrying it out. If most of the test is disruptive, we will perform the tests outside of working hours or normal operation.

How often should my business have a Penetration Test?

We recommend that penetration tests are carried out at least annually. Sometimes, there may be requirements to have penetration tests every 6 months, or even quarterly. If you are unsure about how often you should carry this out, please contact us today and one of our Cyber Experts will be happy to help.

What is the process of a Penetration Test?

First of all, one of our Cyber Experts will carry out a scoping session with you. This will allow our testing team to understand what they are testing and what the goals of the test are. During this session, you will have an opportunity to discuss any special requirements you may have for the test – this may include the need for out-of-hours testing, any critical systems where special handling restrictions are required, or other issues specific to your organisation. Once complete, the testing team will put together a plan of action detailing the scope and process of the testing along with any special requirements and key contacts during the testing windows. You will then need to sign this off. Then, at the agreed time and date, the penetration test will commence! During this time the testing team will stay in contact with the key contacts ensuring updates are being delivered. Once the testing is complete, you will receive a report within 48-72 working hours after test completion. This report will detail the scope of the test, any vulnerabilities uncovered, how they were uncovered and remediation advice. As well as this you will receive general security posture comments from out testers to advise how you can improve your businesses security posture. Finally, once you have remediated all issues discovered, our testing team can come back in and carry out a re-test to ensure all vulnerabilities discovered have been patched.

What Penetration Testing methodology do you use?

We use the Crest penetration testing methodology.

CYBER SECURITY SOLOUTIONS > ADVICE & CONSULTANCY

Website Application Penetration Testing

A web application penetration test aims to identify security issues resulting from vulnerabilities in the design, coding and publishing of software or a website.

This can include:

Testing user authentication to verify that accounts cannot compromise data;
Assessing the web applications for flaws and vulnerabilities, such as XSS (cross-site scripting);
Confirming the secure configuration of web browsers and identifying features that can cause vulnerabilities; and
Safeguarding web server security and database server security.

The vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. These can then be resolved in line with the application owner’s budget and risk appetite, inducing a proportionate response to cyber risks.

OUR APPROACH

KEY FEATURES

BENEFITS

Responsible for a website or web application?

Ask yourself:

Could your application be exploited to access your network?
Do you use an off-the-shelf CMS (content management system)? Is it vulnerable to attack?
Could your identity credentials be hacked, or account privileges escalated?
Do you process or store payment details on your website?
Does your application store personally identifiable information at the back-end?
Is your API secure?

Our approach to testing...

For each URL within scope, we perform online reconnaissance to gather information pertaining to the site that is publicly available in search engines and other online indexing services.

Next we will map out the application using a sophisticated crawling engine. The crawler combines traditional web scraping with a browser-based crawler which implements artificial intelligence to mimic typical application user behaviour.

The “Mapped Attack Surface” enumerated during the initial phases of the scan, is then subject to methodical security testing. Typically, the assessment process works by taking each user supplied data component, such as a form field of query string parameter, then modifies it to include a specific test case before submitting it to the server. Based on the applications response, further test cases are then submitted through the same method to confirm the vulnerability.

Common vulnerabilities detected during the web application scan include; Injection flaws such as SQL, NoSQL, XML, Code, and Command injection, Cross-Site Scripting and hundreds of other vulnerability classes arising from insecure code.

Infrastructure scanning includes all components that are not covered within the application scanning phase. The infrastructure scan begins by port scanning each host to identify accessible services. Each service is then enumerated for vulnerabilities such as, but not limited to: missing security patches; configuration weaknesses; and information disclosure vulnerabilities.

Common vulnerabilities detected during the infrastrucure scanning phase includes: missing operating system patches; weak administrative passwords; and access control vulnerabilities.

If your website is hosted on Amazon Web Services, Google Cloud or Azure, we can launch specific configuration assessments to identify configuration weaknesses.

At completion, we provide a detailed report listing the potential impact, a technical narrative detailing how the flaw was detected and detailed remediation advice. Where possible, proof of concept examples are provided so that the flaw can be easily recreated and demonstrated to the relevant stakeholders.

Benefits

Gain real-world insight into your vulnerabilities.

Improve access

control.

Keep untrusted data separate from commands and queries.

Discover the most vulnerable route through which an attack can be made.

Develop strong authentication and session management controls.

Find any loopholes that could lead to the theft of sensitive data.

We take a first principals approach to application vulnerability detection, and therefore we are not bound to any platform or signature database

Rather than use a database of static signatures, we approach each test in the same way a hacker or penetration tester would and apply a testing methodology. The vast majority of application security flaws, such as SQL Injection and Cross-Site Scripting arise from insecure processing of input supplied by the client. We adopt a first principals approach when testing each input by examining the original expected value and the servers response when the value is modified. By adopting this methodology, we are able to determine how data may be being processed by the server and can then dynamically evolve each test to identify vulnerabilities. This approach results in more accurate testing and allows us to identify security flaws that may be masked by security filters and Intrusion Prevention Systems (IPS), but could still be exploited by a real-world attacker.

Key Features

Zero Day Detection

We detect security flaws by adopting a first principles methodology rather than firing checks from a known vulnerability database. This approach successfully identifies security flaws within applications and systems that are previously unknown and undisclosed. We can then work directly with the vendor to ensure the flaw is fixed and a patch is made available.

Browser-based crawler

Modern web applications built on frameworks such as Angular and ReactJS prove problematic for traditional crawlers that rely on scraping HTML. Navigation and other key application components are often driven through JavaScript events which are completely invisible when analysing HTML.

To overcome this limitation, we use a browser-based crawler that combines application modelling techniques and subtle heuristical cues to automatically discover the complete attack surface of any given application in the shortest time possible.

Safe Exploitation

A key deliverable in professional penetration testing is to demonstrate the real-world impact of discovered vulnerabilities.

We provide an option to safely exploit vulnerabilities so that real business impact can be demonstrated to all stake holders from board level to the development team.

OWASP Top 10

Web application scanning covers all known vulnerability classes including all of the OWASP top 10. Easily view and manage all your known OWASP top 10 vulnerabilities in scans and reports.

Speak with a Cyber Expert

Temporary components such as micro-sites and marketing landing pages can become forgotten and unmaintained. These no-longer linked components may hide a critical security flaw and therefore it is important we test every component an attacker may target. We query search engines such as Google and other online indexing services to gather a list of URLS both past and present to factor into the attack discovery phase.

Open source intelligence gathering

Birthday Sparks

There are many different penetration testing methods that can be carried out against your business. They all have their own unique benefits and should be carried out annually, as a minimum requirement, to ensure continuing business compliance

Button

A web application penetration test aims to identify security issues resulting from vulnerabilities in the design, coding and publishing of software or a website.

Button

Frequently Asked Questions

How can I prepare for a Penetration Test?

Unless we are doing a blind penetration test (where we know nothing about your network infrastructure and/or systems), you need to have an up-to-date network diagram and a data-flow map for your environment. You should also know what services should be open through your network or available through your web application. You don’t necessarily need to share all of this information with us, but it will help you be ready in case they we into an issue or require more information.
How long do Penetration Tests last?

The duration of a penetration test can vary depending on what we are testing and how big the infrastructure and/or application(s) is. On average, most penetration tests take two to four days.
Can a Penetration Test be disruptive to my business?

Depending on the type of tests we are carrying out, there is a possibility that the test can be disruptive. However, if we deem a process or exploit to be business disruptive, we will always seek approval (normally from the approved contact) before carrying it out. If most of the test is disruptive, we will perform the tests outside of working hours or normal operation.
How often should my business have a Penetration Test?

We recommend that penetration tests are carried out at least annually. Sometimes, there may be requirements to have penetration tests every 6 months, or even quarterly. If you are unsure about how often you should carry this out, please contact us today and one of our Cyber Experts will be happy to help.
What is the process of a Penetration Test?

First of all, one of our Cyber Experts will carry out a scoping session with you. This will allow our testing team to understand what they are testing and what the goals of the test are. During this session, you will have an opportunity to discuss any special requirements you may have for the test – this may include the need for out-of-hours testing, any critical systems where special handling restrictions are required, or other issues specific to your organisation.

Once complete, the testing team will put together a plan of action detailing the scope and process of the testing along with any special requirements and key contacts during the testing windows. You will then need to sign this off.

Then, at the agreed time and date, the penetration test will commence! During this time the testing team will stay in contact with the key contacts ensuring updates are being delivered.

Once the testing is complete, you will receive a report within 48-72 working hours after test completion. This report will detail the scope of the test, any vulnerabilities uncovered, how they were uncovered and remediation advice. As well as this you will receive general security posture comments from out testers to advise how you can improve your businesses security posture.

Finally, once you have remediated all issues discovered, our testing team can come back in and carry out a re-test to ensure all vulnerabilities discovered have been patched.
What Penetration Testing methodology do you use?

We use the Crest penetration testing methodology.

MAILING LIST

SPEAK WITH A CYBER EXPERT TODAY

Fill in the form or call us on 0333 305 0605 and one of our Cyber Security experts will be happy to assist you