You have set up your network, computers, cloud servers, websites and apps and you hope it’s secure. How do you know?
We perform a penetration test to break your security – just like a hacker would – using real-world attacks to attempt to gain access.
We provide our industry-leading report on the penetration test, including the details of all vulnerabilities found and how to fix them.
A penetration test is a form of legitimate hacking for the purpose of validating your cyber security, using methods commonly observed in real cyber attacks. If successful, it shows your networks are vulnerable to real cyber attacks, and steps can be taken to improve your cyber security.
Our expert penetration testers are experienced and trained in hacking complex computer networks, systems, websites, APIs and apps.
Once we receive your permission to carry out our ethical hacking, the relevant URLs, IP addresses, apps, APIs and logins are provided, which allows us to commence the penetration test. Login access is important as it allows us to quickly identify potential access points and specifically test the security of those access points.
We use a combination of manual testing following a standardised process, along with tools and in-house developed code, to identify points of weakness. Testing can typically be completed over 1-2 weeks. All identified vulnerabilities are then documented, with recommended rectification actions, in a clear and concise report.
For most engagements, we will then perform a second penetration test of the resolved vulnerabilities to confirm the effectiveness of the applied fixes against future cyber attacks.
Our client engaged us to perform penetration testing for their website and, during testing, we identified a vulnerability which allowed us to gain full admin access to their entire website and all client data. This is a common finding; however, our client was very surprised to learn we had been able to gain full access. On further discussion, we learned that the client had performed penetration testing a year earlier via a vendor recommended by a large financial company and no vulnerabilities had been identified during that test. No code changes had been made over that year so, before engaging us, our client had been exposed for more than a year with a major vulnerability that had the potential to destroy their business.
Another client providing professional services requested that we perform a penetration test of their internal network. They informed us that they had a competitor do this test on an annual basis for many years, so they didn’t expect us to find anything. During the penetration test, we were able to gain full admin access to a number of computers, including access to databases containing company and client data.