Penetration Testing

CREST LogoWe're a CREST-approved provider of penetration testing. Our skilled ethical hackers are trained to replicate the mind of a malicious attacker and use an exhaustive set of tools to perform and imitate this mindset.

We offer a wide range of penetration testing services covering all aspects of organizational security, such as infrastructure, web applications, social engineering and, of course, mobile.

We use a risk-based approach to assess systems from an attacker's point of view, as well as against industry best practices. 


The goals of a penetration test

  1. Determine feasibility of a particular set of attack vectors
  2. Identify any vulnerabilities which are present, including any that are high-risk which result from a combination of lower-risk vulnerabilities exploited in sequence
  3. Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
  4. Assess the potential business and operational impacts of successful attacks
  5. Test the ability of network defenders to detect and respond to attacks
  6. Justify increased investment in security personnel and technology

Penetration tests are an important part of a full security audit. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires penetration testing on a regular schedule and after any system changes.


Our penetration testing services

We provide a range of different penetration testing services, from web and mobile applications to internal network or external infrastructure testing, to reviews of components within your organization's infrastructure, such as servers, workstations or network devices.

We work with you to identify the appropriate penetration testing services. This ensures your business requirements are met and and provides assurance over your organization’s security posture and risk.

Following penetration testing, we will provide a technical-level report giving detailed findings and recommended resolutions in a management summary.

View a full summary of our services below. 


Infrastructure testing

We believe that a secure infrastructure is the foundation for a cyber resilient organization.

Our penetration testing specialists conduct both internal and external infrastructure testing of servers, workstations, domains, virtual environments, network devices as well as network segregation controls. 


Application testing

Many organizations rely heavily on applications to run their business. These are often the digital shopfront for an organization that can be accessed from anywhere in the world. Commonly this includes presenting information, providing functionality to staff or customers, or providing a backbone for all of the organization’s data processing needs.

Therefore, the security of those applications is very important. Our penetration testing team have extensive experience in assessing applications of many types, including web applications, web services, binary application (thick client) and mainframe.


Build review

In addition to infrastructure and applications, the security of the underlying servers is key to preventing a compromise.

However, should a compromise occur, hardening is important to ensure any breach is sufficiently contained and that an attacker cannot easily move any further around the system or infrastructure. We offer a server build review service of all operating systems including Windows, Linux and Solaris, and AIX as well as common components, such as database and web servers. We also regularly conduct build reviews on end-user devices, such as workstations and laptops to mimic malicious internal users or stolen devices.

Utilizing common benchmarking standards, such as CIS, NIST or NCSC recommendations, a build review from us provides the peace-of-mind required.


Mobile applications and devices

Becoming increasingly more frequent, organizations are now developing and using mobile applications to interact with clients and staff alike. It is important that the applications offer the same levels of security as traditional web applications, and as such, we offer an extensive mobile application penetration testing service of all of the common platforms, including Android, Apple, Windows Phone and BlackBerry applications.

If your staff use mobile devices, an assessment to review the configuration lock-down of mobile devices and the mobile device management (MDM) environment can be performed.


Network device reviews

Network devices within an organization provide the backbone for communication within the infrastructure. If one is compromised this could have a devastating effect on the overall security of the organization.

Our network device review service aims to provide assurances over such devices, by assessing the running configuration, firmware version and firewall rulesets of devices from a large number of major manufacturers including Cisco, Checkpoint, HP, Juniper, Palo Alto, Brocade, SonicWall and Fortigate.


Wireless penetration testing

Wireless access points can offer attackers a means to attack an infrastructure from a safe distance, often going undetected.

Our wireless network testing and configuration review service aims to ensure that those wireless networks are securely implemented and offer a high level of security.

The service includes wireless access point reviews, WLAN controller and client device reviews, site surveys and rogue access point sweeps.


SCADA and ICS testing

Supervisory Control and Data Acquisition (SCADA) systems, also known as Industrial Control Systems (ICS), are commonly deployed within a range of industries including power production, manufacturing, water treatment and oil and gas.

Our expert SCADA penetration testing team offers a comprehensive review of your SCADA/ICS system. This assessment can take on many forms, including reviews of relevant policies and procedures, architecture review, physical security assessment, infrastructure penetration testing, segregation testing and build review exercises.

By assessing systems from multiple vantage points, we can achieve a holistic view of the security posture of your SCADA/ICS systems.


Secure code review

To ensure a ‘defence in depth’ approach to security for applications, we carry out source code reviews.

A source code review service is a systematic examination of an application’s source code from both manual and automated perspectives. This ‘white box’ approach is intended to find and fix mistakes overlooked in the initial development phase, which may not always be possible to find with ‘grey box’ or ‘black box’ testing methodologies, improving both the overall quality of software and the developer's skills.

We offer this service in a wide range of languages, including C#, Java, Python and PHP amongst others.


Virtualization testing

More frequently, organizations are now moving their infrastructures to virtualized environments, both on-premises or hosted in the cloud. Often, those environments offer an unrestricted means of traversal into corporate environments. Therefore the security posture of virtualized environments can't be overlooked.

We carry out a combination of build review and infrastructure testing of virtual environments or private clouds, on both commercial and restricted networks. Our experience includes key products such as VMware, Hyper-V as well as cloud service providers like Skyscape or Amazon EC2.


Stolen laptop review

With many laptops or mobile devices being lost or stolen, we review devices to identify what information can be obtained if it falls into the wrong hands.

This includes assessing whether the laptop can be compromised via boot methods, encryption bypassing and any information that can be used to further attack the company.


Gold build image review

We can perform a detailed malware and forensic review of any master gold images that are used to deploy servers within the environment.

This will ensure that the master image has not been infected or tampered with before it's pushed out and used.


Database review

We can perform a detailed review of database servers focusing on permissions, versions and configurations on all major versions such as Microsoft SQL, MySQL, PostgreSQL, Oracle and MongoDB.


Environment breakout

To permit restricted access to services, networks or specific applications, an organization may implement a locked down environment, such as Citrix, terminal services (RDP), restricted user desktop or a kiosk environment.

Our environment breakout service looks to ensure the low-level end user cannot break out of the controlled desktop into other programs, levels of privilege or other restricted areas of the connected infrastructure.