May 1, 2017

Penetration Testing, Ethical Hacking and Technical Security Assessments

A penetration test or “pen test” mimics the actions of a focused attacker attempting to exploit weaknesses in the security of your systems using real world tactics, techniques and procedures.  Our testing examines your IT systems for any security weakness that could be used by an attacker to compromise your environment and either steal your information or damaged and destroy your IT systems. We will assess the security of the systems in scope and depending on the IT services discovered, approach any potential vulnerabilities just as a real-world attacker would.  By exploiting weaknesses in system code, the human element and mis-configuration of applications and operating systems, we will gain an initial foothold in your environment and move laterally through your network harvesting user passwords and eventually taking control of your network.  At the end of the engagement we will provide you with a risk assessed and prioritised list of the weaknesses we exploited and practicable and pragmatic recommendations for improvement and remediation.

Our professional and expert ethical hackers can perform:

  • External or internal infrastructure penetration testing (end points, networks, servers, virtualisation technologies and cloud environments)
  • Citrix breakout testing
  • Web application penetration testing
  • Mobile application penetration testing
  • Wireless network penetration testing

CyberRisk Value

We can provide answers to the following questions:

  • How vulnerable is my organisation to a hacking attack?
  • Does my security posture have any weaknesses?
  • Are my systems secured from internal and external threat actors?
  • Do any weaknesses or vulnerabilities exist in my environment, and if so, how can hackers exploit them and how far can they go?
  • Can an attacker hack into my web applications and internal network?

When purchasing a penetration test, it’s important to have complete confidence in the provider you choose to perform the testing.

 

CREST accreditation is well established as a ‘stamp of approval’ for a high-quality penetration test.

CyberRisk is a CREST accredited company.

The Council for Registered Ethical Security Testers (CREST) is an international not-for-profit accreditation and certification body which represents and supports the technical information security market. CREST provides internationally recognised accreditation for organisations and professional level certification for individuals who provide penetration testing and other services such as cyber incident response, threat intelligence and Security Operations Centre (SOC) services. CREST provides the confidence that penetration testing, threat intelligence and cyber incident response services will be carried out by qualified individuals with up-to-date knowledge, skills and competence, supported by a professional services company with appropriate data handling processes, quality assurance policies and technical methodologies. To achieve CREST accreditation, companies must undergo a rigorous assessment of business processes, data security and security testing methodologies.

CREST-certified pen testing services provide assurance that the entire pen testing process will be conducted to the highest legal, ethical and technical standards. The CREST pen testing process follows best practice in key areas such as preparation and scoping, execution, reporting and data protection.