You have set up the network, computers, cloud servers, websites and apps and you think it’s secure. How do you know?
We test your security just like a hacker would using real world attacks to attempt to gain access.
We share our industry leading report providing the details of all vulnerabilities found and how to fix them.
Our expert penetration testers are experienced and trained in hacking complex computer networks, systems, websites, APIs and apps.
Once we receive permission from the client to complete our ethical hacking, the relevant URLs, IP addresses, apps, APIs and logins are provided which allow us to commence hacking activities. Login access is important as it allows us to quickly identify potential access points and specifically test the security of those access points.
We use a combination of manual testing following a standardised process along with tools and in-house developed code to identify points of weakness. Testing can typically be completed over 1-2 weeks. All identified vulnerabilities are then documented with recommended rectification actions in a clear and concise report.
For most engagements, we will then perform a retest of the resolved vulnerabilities to confirm the effectiveness of the applied fixes.
Our client engaged us to perform penetration testing for their website and during testing, we identified a vulnerability which allowed us to gain full admin access to their entire website and all client data. This is a common finding, however our client was very surprised to learn we had been able to gain full access. On further discussion, we learned that the client had performed penetration testing a year earlier via a vendor recommended by a large financial company and no vulnerabilities had been identified during that test. No code changes had been made over that year so, before engaging us, our client had been exposed for more than a year with a major vulnerability that had the potential to destroy their business.
Another client providing professional services requested that we perform a penetration test of their internal network. They informed us that they had a competitor do this test on an annual basis for many years so they didn’t expect us to find anything. During the penetration test, we were able to gain full admin access to a number of computers, including access to databases containing company and client data.