A service where a human tester will safely exploit security weaknesses to gain further access to your critical systems, therefore mimicking the actions of a potential hacker.
Identify your high-risk vulnerabilities so you can prioritise your remediation activities.
Demonstrate a mature security culture within your organisation and its stakeholders.
Meet regulatory and compliance standards, such as PCI DSS and ISO27001.
Vulnerabilities exist in operating systems, services and applications. They are created through application flaws, improper configurations and end-user behaviours. A penetration test can help to validate adherence to internal policies and the effectiveness of controls across any business infrastructure.
The external network-layer penetration test provides a ‘real world’ understanding of your internet-facing environment and what could be exploited by the nefarious actions of a hacker or rogue employee. The test is conducted off-site. Network-layer penetration testing identifies weaknesses in the configuration of internet-facing system components and identifies any security flaws due to missing patches or misconfigurations. External penetration testing can also be conducted against cloud-based infrastructure. Our external penetration testing supports PCI DSS requirements 11.3, 11.3.1 and 11.3.3.
The internal network-layer penetration test provides a ‘real world’ understanding of how your environment looks from the inside and what could be exploited by the nefarious actions of a hacker or rogue employee. The test is usually conducted on-site; however, depending on the size and scale of the agreed scope, it can also be conducted remotely. Network-layer penetration testing identifies weaknesses in the configuration of internal system components such as firewalls, routers, switches, servers, desktops, laptops, tablet devices, etc., and identifies any security flaws due to missing patches or misconfigurations. Internal penetration testing can also be conducted against cloud-based infrastructure. Our internal penetration testing supports PCI DSS requirements 11.3, 11.3.2 and 11.3.3.
Web application penetration testing is conducted from our secure data centre and aims to identify application-layer vulnerabilities. Throughout the testing process the application is subjected to both automated and manual tests to determine whether it is susceptible to the Open Web Application Security Project (OWASP) Top 10 list of application vulnerabilities. Further testing is available for specialist areas including the OWASP Mobile Top 10, SANS, NIST or compliance-framework-based testing. Web application penetration tests can also be conducted against internally facing web-based applications. Our web application testing supports PCI DSS requirements 6.6, 11.3, 11.3.1 and 11.3.3.
Web API penetration testing is conducted from our secure data centre and aims to identify vulnerabilities in web-based application programming interfaces. These are generally RESTful or SOAP implementations used to securely exchange data between systems. We use the OWASP API Security Project Framework to conduct web API testing. APIs are generally provided as internet-facing interfaces, although internal APIs can also be tested.
In the modern world, organisations are pushing out mobile apps to clients and staff members. These apps pose a significant risk of data loss, so testing them regularly is essential to any security plan. We will test features such as application sandboxing and mobile platform usage, transmission and storage of data, authentication mechanisms and cryptographic mechanisms. Mobile application testing is generally conducted against Apple iOS and Android platforms, although other less popular platforms can be accommodated.
Wireless infrastructure tests are conducted on-site and cover the configuration and security of internal, approved wireless networks; the configuration and security of guest, third-party or internet-only wireless networks; and the identification of any unauthorised wireless devices. Our wireless infrastructure testing supports PCI DSS requirements 1.2.3, 2.1.1, 4.1.1 and 11.1.
The network segmentation test verifies that sensitive business functions are isolated from other areas of the network. Segmentation testing confirms that this isolation is effective and appropriate, so that sensitive business functions remain secure. Our network segmentation testing supports PCI DSS requirements 11.3.4 and 11.3.4.1.
Internal, external and segmentation testing can be conducted against cloud-based infrastructure. Standard virtual machines, network security groups and Docker-based microservices managed by Kubernetes can all be tested for vulnerabilities to ensure that system configurations are correct and security patches are up to date.