Penetration Testing

Our penetration testing team have extensive experience in assessing applications of many types including web applications, web services, binary application (thick client) and mainframe. We also offer extensive mobile application penetration testing of all common mobile platforms.

If your staff use mobile devices, an assessment to review the configuration lock-down of mobile devices and the mobile device management (MDM) environment can be performed.

We believe that a secure infrastructure is the foundation for a cyber resilient organization.

Our penetration testing specialists conduct both internal and external infrastructure testing of servers, workstations, domains, virtual environments, network devices as well as network segregation controls.

Our expert SCADA penetration testing team offers a comprehensive review of your SCADA/ICS system. This assessment can take on many forms, including reviews of relevant policies and procedures, architecture review, physical security assessment, infrastructure penetration testing, segregation testing and build review exercises.

By assessing systems from multiple vantage points, we can achieve a holistic view of the security posture of your SCADA/ICS systems.

Our wireless network testing and configuration review services aims to ensures that those wireless networks are securely implemented and offer a high level of security.

The service includes wireless access point reviews, WLAN controller and client device reviews, site surveys and rogue access point sweeps.

Organizations are moving their infrastructures to virtualized environments, both on-premises or hosted in the cloud. With these environments offer an unrestricted means of traversal into corporate environments, security of the environments can't be overlooked.

We carry out a combination of build review and infrastructure testing of cloud or virtual environments, on both commercial and restricted networks. Our experience includes key products such as VMware, HyperV as well as clould service providers such like Amazon AWS, Azure, and Google Clould Platform.

A systematic examination of an application's source code from both manual and automated perspectives. This 'white box' approach is intended to find and fix mistakes overlooked in the initial development phase, which may not be possible to find with 'grey box' or 'black box' testing methodologies, improving both the overall quality of software and the developer's skills.

We offer this service in a wide ranges of languages, including C#, Java, Python and PHP amongst others.

People tend to be trusting and helpful by nature and can often be manipulated into providing access or giving away sensitive information. Our Social Engineering Assessments using publicly available methods to research potential weak points within the social structure of the target, designing and using social attacks, and other deceptive techniques to extract account credentials to access controlled systems and/or environments.

Our network device review service aims to provide assurances over such devices, by assessing the running configuration, firmware version and firewall rulesets of devices from a large number of major manufacturers including Cisco, Checkpoint, HP, Juniper, Palo Alto, Brocade, SonicWall and Fortigate.

We offer a server build review of all operating systems including Windows, Linux and Solaris, and AIX as well as common components, such as database and web servers. We also regularly conduct build reviews on end-user devices, such as workstations and laptops to mimic malicious internal users or stolen devices.

Our environmental breakout service looks to ensure the low-level end user cannot break out of the controlled desktop into other programs, levels of privilege or other restricted areas of the connected infrastructure.

We can perform a detailed malware and forensic review of any master gold images that are used to deploy servers within the environment.

This will ensure that the master image has not been infected or tampered with before it's pushed out and used.

We review devices to identify what information can be obtained if it falls into the wrong hands.

This includes assessing whether the laptop can be compromised via boot methods, encryption bypassing and any information that can be used to further attack the company.

We can perform a detailed review of database servers focusing on permissions, versions and configurations on all major versions such as Microsoft SQL, MySQL, PostgreSQL, Oracle and MongoDB.