Penetration Testing

FIRST THINGS FIRST

What is a penetration test?

---

A Penetration Test, also known as a Pen Test, involves our CREST accredited testers using the same tools and expertise that career criminals and hackers would use to simulate an attack on your organisation.

The purpose of a Penetration Test is to identify vulnerabilities that could be exploited. They’re the most effective way of showing how attackers could breach your organisation, how it could impact you and the likelihood of it actually occurring.

Aside from discovering vulnerabilities before criminals do, there are other benefits to a pen test. Regular pen tests are required by some industries to comply with security standards and help you avoid fines for with non-compliance. Some businesses will also require you to demonstrate that you have this compliance in place before they will work with you.

---

What’s involved in a Penetration Test?

There are three types of penetration test available to you:

• Network and infrastructure - this is a test of your external facing IP's, router firewalls, email servers and other ports and also covers your endpoints, servers and access points
• Applications - this is a test on your websites, CRM, login systems, intranet and mobile applications and other applications your business uses
• Social engineering - we test this with phishing, vishing, physical entry and tactics such as USB drops

Each and every Penetration Test we carry out will differ depending on a) the system being tested, and b) your individual business needs. We follow a proven methodology so as to maintain a consistent set of results. This includes 3 core phases: