FIRST THINGS FIRST
What is a penetration test?
A Penetration Test, also known as a Pen Test, involves our CREST accredited testers using the same tools and expertise that career criminals and hackers would use to simulate an attack on your organisation.
The purpose of a Penetration Test is to identify vulnerabilities that could be exploited. They’re the most effective way of showing how attackers could breach your organisation, how it could impact you and the likelihood of it actually occurring.
What’s involved in a Penetration Test?
Each and every Penetration Test we carry out will differ depending on a) the system being tested, and b) your individual needs. We follow a proven methodology so as to maintain a consistent set of results. This includes 3 core phases:
Phase 1
Planning & Investigation
This phase will involve planning and gathering intelligence which will help us identify how we’ll be targeting our simulated attacks, and will include mapping high value assets such as employee, customer and technical data as well as internal and external threats.
Phase 2
Exploitation of vulnerabilities
With a map of all possible vulnerabilities, we’ll then begin the simulated tests on your entry points. Our goal will be to see how far we can get into your environment, identify any high-value targets, and avoid detection.
Phase 3
Analysis and reporting
While Penetration Testing is a complex activity, our analysis and reporting isn’t. We’ll highlight security vulnerabilities and areas that could be exploited. We’ll also provide guidance on remediation, with a clear focus on preventative countermeasures.