Penetration testing

A lot of time and money goes into protecting business systems and information, but how do you know that your controls are effective and that your environment is secure?

A penetration test is essentially an authorised ‘ethical’ cyber-attack against your IT systems. Designed to test the effectiveness of your cyber security controls at preventing exploitation of vulnerabilities by using the same tools and techniques as actual cyber criminals.

Regular penetration testing has evolved into best practice as part of a comprehensive cybersecurity strategy, but it is also a regulatory requirement for many industries. With your authorisation, our team of cyber security experts will act as ‘cyber criminals;, testing the strength of your security. We will provide visibility of exploitable weaknesses and make tailored recommendations to help you address any security gaps.

Our cyber team has extensive experience delivering penetration testing options, be it on-premises, cloud or hybrid. We will design a test that’s right for your organisation’s operational context. Options include:

  • internal penetration testing – infrastructure, wireless, systems and applications;
  • external penetration testing – perimeter, infrastructure, access ; and
  • web application penetration testing – applications, websites, APIs.

We work with you to understand your penetration test objectives and create a tailored approach that provides visibility of your attack surface and importantly your current level of exposure. These options include:

  • multi vector penetration testing; and
  • threat-led penetration testing.
  • Infrastructure
  • WebApp
  • Tailored

Infrastructure

External penetration test

We will act as an external attacker and use tactics, techniques and procedures used by attackers in an attempt to breach your public facing systems. This will identify exploitable vulnerabilities and open paths into your environment.

Internal penetration test

Typically, the target of a cyber-criminal is to gain access to your internal environment, in our experience a determined and skilled attacker is likely to achieve this target. Through internal penetration testing we simulate the actions that an attacker is likely to take after they have gained access to assess the effectiveness of your controls that prevent them from achieving their full objectives.

WebApp

Web applications including websites are the shop window of many organisations and can be used by attackers to intercept traffic, steal data or gain access to systems.

We craft specialised attacks against your web applications and programming interfaces to identify exploitable weaknesses that could be comprised by an attacker.

Tailored

Multi-vector social engineering

Over 90% of cyber-attacks involve a human element. A social engineering test will help you assess and understand the susceptibility of your staff from being manipulated to perform unwanted actions by an attacker to gain access to information, credentials or to your systems. Common attack methods could include email, phone, face to face, USB drops, and social media mining.

Multi-vector physical

We will attempt to breach your physical security measures to gain access to your network and sensitive information. Common attack methods leverage social engineering techniques and your staff’s awareness and challenge culture.

Threat-led penetration testing

Our threat-led penetration testing is objective-oriented versus being scope defined. This approach replicates all the stages of an attack lifecycle with attack targeting and vector use driven by the intelligence that we gather through mapping of your attack surface, performing open-source threat intelligence gathering and identifying attack paths with the highest likelihood of success.

Why conduct a penetration test?

  • Regulatory requirement and customer expectation
  • Gain visibility of your risk and exposure
  • Validate the effectiveness of your cyber security controls
  • Understand your exposure to emerging threats
  • Understand your investment requirements to manage cyber risk

Scoping a penetration test

Scoping a penetration test can be challenging, our team of cyber experts will work with you to understand the needs and objectives of your organisation and tailor an approach that is right for you.

To find out more, please contact Stuart Leach or Richard Curtis.

stuart-leach
Stuart Leach
Partner
Contact Stuart Leach +44 (0)1908 687800
Richard Curtis
Richard Curtis
Technology Assurance Director
Contact Richard Curtis +44 (0)7818 002534
stuart-leach
Stuart Leach
Partner
Contact Stuart Leach +44 (0)1908 687800
Richard Curtis
Richard Curtis
Technology Assurance Director
Contact Richard Curtis +44 (0)7818 002534
Services

Related insights

How can companies combat cyber-attacks with offensive security?

Stuart Leach, Richard Curtis
18 Oct 2023

Penetration testing – the what, the how and the when

Stuart Leach, Sheila Pancholi
22 Jun 2023