Penetration Testing

UK based Penetration Testing Company,
testing performed by our CREST accredited team

What is a Penetration Test?


Penetration testing, also known as pen testing, is the process of testing a computer system, network or application to identify vulnerabilities and security issues. After discovery, vulnerabilities are safely exploited to confirm that they exist. The testing process is manual and removes the false positives typically returned by automated tools and vulnerability scans.

Penetration tests are typically performed against a company's servers, web applications, external network infrastructure and mobile applications. The testing process is manual, with industry standard commercial and open source tools used to assist. Once a vulnerability has been successfully exploited, a tester may use the machine as an entry point to access other machines within the network, gaining access to data that would normally be protected by firewalls or would require higher privilege level accounts. This helps establish the potential risk by identifying the level of data a potential attacker could access.

Penetration testing companies

Aptive, a UK Penetration Testing Company

Aptive are a passionate UK-based cyber security consultancy providing cost-effective, manual security testing services. We help our clients improve security and remain compliant with regulatory compliance standards such as ISO 27001 and PCI DSS.

Our Penetration Tests are performed by experienced consultants who are both CREST and OSCP accredited.

We strive to meet the challenging report delivery turnarounds demanded by our clients for regulatory and compliance requirements.

Why Perform a Penetration Test?

Companies are often unaware of existing vulnerabilities within applications or infrastructure that a potential attacker could successfully exploit, breaching a company's confidential data and damaging brand integrity. Testing discovers vulnerabilities, confirms that they exist and provides clear instructions that allow your company to fix the discovered security issues.

  • Compliance – Various regulatory compliance standards such as ISO 27001 and PCI DSS require a penetration test annually and after significant infrastructure changes
  • Identify Vulnerabilities – Regular testing identifies security issues and weaknesses within a company's applications and infrastructure
  • Cyber Security Risk Assessment – Understand the level of risk that currently exists for your company; testing identifies and prioritises security risks
  • Test Controls – Execute a real-world attack, testing your network security defences
  • Detect New Vulnerabilities – New security vulnerabilities are publicly exposed every day; regular testing will help identify if your company is vulnerable
  • Fix Security Holes – Our reports document clear fix instructions for discovered security issues and vulnerabilities

Cyber security testing performed by OSCP certified & CREST registered penetration testers

Benefits of Penetration Testing

Vulnerability Management

Pen testing provides a severity ordered report documenting vulnerabilities that are proven to be exploitable, removing false positives from the equation. This allows your organisation to proactively identify which vulnerabilities are critical and which are less critical or false positives.

Avoid downtime and Breach costs

Network downtime caused by a data breach can cost up to £3 million, with the average breach costing £36,500. Pen testing helps your organisation identify exploitable vulnerabilities proactively, before they are exploited by a malicious attacker, allowing you to intelligently plan remediation and give priority to critical and high level findings.

Source: www.gov.uk/government/publications/cyber-security-breaches-survey-2016

Meet Regulatory and Compliance Standards

Penetration testing helps companies and organisations address the general auditing requirements for PCI DSS. Testing also helps address ISO 27001 requirements by determining an organisation's exposure to vulnerabilities and providing measures to remediate discovered issues.

Preserve Brand, Corporate image & customer confidence

Data breaches, compromised accounts and exposed external data cost money and can negatively affect brand image and sales. Testing helps identify and fix vulnerabilities that could be used to exfiltrate confidential, sensitive and personally identifiable information.

Why use Aptive

Certified Penetration Testers

Testing performed by OSCP certified and CREST registered penetration testers.

Free Retesting

Free retesting on discovered security issues.

Proven Testing Methodology

Aptive performs penetration testing based on the OWASP testing methodology.

Easy to Understand Reports

Discovered security issues in severity order with remediation instructions.

Fixed Price Proposals

Transparent costs and fixed price proposals, giving you peace of mind.

Custom Penetration Testing

Custom Testing tailored to your business requirements.

Vulnerability Assessment & Penetration Testing, What’s the Difference?

A penetration test verifies the existence of a vulnerability by safely performing exploitation; a vulnerability assessment detects the vulnerability but does not confirm if the vulnerability is exploitable. During a manual vulnerability assessment the consultant will gather as much evidence as possible to support the vulnerability discovery, but no attempt to exploit the vulnerability will be made.

As no targets are exploited, it's not possible to perform pivoting, data exfiltration or privilege escalation on a vulnerability assessment. Due to this limitation, assessing the impact of a breach and what data a potential attacker may gain access to are also not part of a vulnerability assessment.

How often Should You Perform Penetration testing?

Testing should be performed on a regular basis to ensure new threats and vulnerabilities are identified and remediated before any potential attacker detects and exploits them in the wild. In addition to the regular security assessments demanded by regulatory and compliance standards, network security audits should also be completed when:

  • Changes are made to network infrastructure
  • External servers or applications are deployed (including cloud / external servers)
  • Significant upgrades or modifications are made to infrastructure or applications
  • New office locations are opened
  • The company acquires other companies (including mergers)
  • Security patches have been applied, to ensure applications and infrastructure are no longer vulnerable

Pen Testing Services

Aptive’s service definitions are below and should help your company identify which security assessment service you require. Alternatively, speak to a consultant on live chat:

Network Penetration Testing

A network security audit against your organisation, simulating a real-world attack. Testing is conducted internally from within the network, testing your company's external defences against attack, or internally to simulate insider threats.

Why Perform Network Testing?

A network penetration test allows an organisation to test its network against attack in a controlled environment, carried out by a professional cyber security consultant. This helps ensure data integrity and helps your internal teams understand the identified security issues.

Web Application Testing

Web application penetration testing is a point-in-time security assessment of a web application and web server. The web application assessment is a consultant-led manual test that exposes security issues within your web applications and provides clear fix instructions, allowing your team to resolve discovered security issues.

Mobile Application Testing

Mobile application penetration testing is a point-in-time security assessment of a web application and web server. The web application assessment is a consultant-led manual test that exposes security issues within your mobile applications and provides clear fix instructions, allowing your team to resolve discovered security issues.

External Penetration Testing

An external network security audit against a network, server or application(s), simulating a real-world attack. The test is conducted externally from the Internet and identifies weaknesses or vulnerabilities that are publicly exposed. Discovered security issues are documented with clear remediation instructions, allowing your company to help identify and fix security issues.

Why Perform External Security Audits?

Identify security issues that are exposed to external attackers from the Internet, helping ensure data integrity and preventing unauthorised access.

Tested Web Apps Found Vulnerable

Trustwave’s 2015 Global Security Report.

Large Companies Reporting Breaches

BIS 2015 Information Security Breaches Survey

Increase In Successful Cyber Attacks

CYREN’s 2015 Cyberthreat Yearbook Report.

Tested Mobile Applications Found Vulnerable

Trustwave’s 2015 Global Security Report.

Different Types of Penetration Testing

There are three main types of penetration testing: Black Box, White Box and Grey Box. These are defined below:

What is Black Box Testing?

Black Box testing is conducted with no prior knowledge of the target network / system or application. An ethical hacker approaches the engagement with the same set of conditions that a normal hacker would, making a Black Box test the most realistic simulation of a real-world attack.

The pros and cons of Black Box vs White Box testing are outlined below.

Advantages of Black Box Testing:

  • Realistic – The penetration tester has the same knowledge as a potential attacker, making it the most realistic simulation of a real-world attack
  • Source Code not Required – Testing can take place without application source code
  • No Prior Knowledge Required – Less scoping requirements and no organisation information needs to be provided, making it easier to get a test in motion.

Disadvantages of Black Box Testing:

  • More Time is Required – Typically, more time is required for testing as a consultant has to discover as much information as possible about the target app / system or network and then perform the assessment.

What is White Box Testing?

White Box testing is conducted with prior knowledge of the system and potentially client side access to the network, system or application. If the engagement is an application, source code and backend server or database access can be made available to assist the consultant with verifying discovered vulnerabilities.

Advantages of White Box Testing:

  • More areas of Testing – White Box testing covers more areas of testing. Depending on scope the following can be in scope for testing: Source Code, Database Access, Server Access.
  • Maximises Testing Time – During testing all the information is already available to the tester, making it possible to assess the application thoroughly and verify vulnerabilities (by having direct access to the backend systems, code or databases).

Disadvantages of White Box Testing:

  • Unrealistic – The test is not as realistic as a Black Box test due to the penetration tester having information that an uninformed potential attacker would not have.

What is Grey Box Testing?

Grey Box testing is a combination of Black and White Box testing. A good example of Grey Box testing is a Web Application Penetration Test where accounts are provided by the client for Access Control assessment. Grey Box testing is designed to maximise testing time by providing information that an attacker would likely be able to obtain, but that would take up testing time to gather.

Penetration Testing Methodology Step-by-step

Below is an overview of Aptive’s approach to penetration testing. You can contact us for our detailed methodology document.

Discovery / Reconnaissance

Discovery takes place before any testing is conducted. The process involves collecting as much information about the company or application as possible. The information gathered at the discovery stage of testing is used to help identify weaknesses directly or to provide information that can help with later stages of testing. Typically all publicly available information is enumerated, such as:

  • WHOIS
  • GitHub
  • Pastebin
  • DNS
  • Web forums
  • Email addresses
  • Search engine recon

Network Mapping / Enumeration

In scope addresses are manually enumerated for useful information such as services and versions.

Service Enumeration

As much information as possible is gathered / enumerated from each exposed service.

Vulnerability Assessment

After enumeration of the server(s) / network, a vulnerability assessment is completed, helping identify known public vulnerabilities. This process helps identify information that can be manually assessed in the next step.

Password Testing

Depending on client requirements, discovered forms or password hashes are tested using the latest password recovery techniques, helping identify if current password policies are sufficient.

Vulnerability Research

Services revealed at the enumeration and vulnerability assessment stage are researched for public exploits and/or known exploit methods.

Manual Penetration Testing

Discovered services are manually and safely tested or exploited to confirm if they are vulnerable.

Exfiltration

Successfully compromised machines are locally enumerated for valuable data. If possible (scope permitting), user privileges are escalated to admin / root. Screenshots of account privilege level or discovered data are taken for evidence.

Pivoting

Compromised machines are used to route traffic, allowing the pen testing consultant to access the internal network or other machines / network subnets. This demonstrates the risk of a potential breach and how far an attacker may get within the target company's network.

Reporting

All discovered security findings are documented using the DREAD risk assessment model. Findings are listed in severity order with clear, concise remediation instructions and their associated risk and impact.

Retesting

All our security testing services come with free retesting on reported findings.


  1. Scoping

    Working with you to identify all systems / applications that need testing.

  2. Testing

    Security testing is completed by our CREST accredited team, following our internal testing methodology.

  3. Reporting

    Delivering a clear easy to understand severity ordered report, detailing identified issues and providing clear and concise remediation steps.

  4. Debrief

    Further explanation and demonstrations of vulnerabilities / exploits.

  5. Retesting

    Security issues identified within the report are retested for free.