Often companies are unaware of existing vulnerabilities within applications or infrastructure that a potential attacker could successfully exploit, breaching a company's confidential data and damaging brand integrity. Testing discovers and confirms that vulnerabilities exist and provides clear instructions allowing your company to fix the discovered security issues.
Cyber security testing performed by OSCP certified & CREST registered penetration testers
A penetration test verifies the existence of a vulnerability by safely performing exploitation; a vulnerability assessment detects the vulnerability but does not confirm whether it is exploitable. During a manual vulnerability assessment the consultant will gather as much evidence as possible to support the vulnerability discovery, but no attempt to exploit the vulnerability will be made.
As no targets are exploited, it’s not possible to perform pivoting, data exfiltration or privilege escalation on a vulnerability assessment. Due to this limitation, assessing the impact of a breach and what data a potential attacker may gain access to are also not part of a vulnerability assessment.
Testing should be performed on a regular basis to ensure newly discovered threats and vulnerabilities are discovered and remediated before any potential attacker detects and exploits them in the wild. In addition to regular security assessments demanded by regulatory and compliance standards, network security audits should also be completed when:
Aptive’s service definitions below should help your company identify which security assessment service you require, or you can speak to a consultant on live chat:
A network security audit against your organisation, simulating a real-world attack. Testing is conducted internally from within the network, testing your company's external defences against attack, or internally to simulate insider threats.
A network penetration test allows an organisation to test its network against attack in a controlled environment, carried out by a professional cyber security consultant. This helps ensure data integrity and helps your internal teams understand the identified security issues.
Web application penetration testing is a point-in-time security assessment of a web application and web server. The web application assessment is a consultant-led manual test that exposes security issues within your web applications and provides clear fix instructions, allowing your team to resolve discovered security issues.
Mobile application penetration testing is a point-in-time security assessment of a web application and web server. The web application assessment is a consultant-led manual test that exposes security issues within your mobile applications and provides clear fix instructions, allowing your team to resolve discovered security issues.
An external network security audit against a network, server or application(s), simulating a real-world attack. The test is conducted externally from the Internet and identifies weaknesses or vulnerabilities that are publicly exposed. Discovered security issues are documented with clear remediation instructions, allowing your company to help identify and fix security issues.
Identify security issues that are exposed to external attackers from the Internet, helping ensure data integrity and preventing unauthorised access.
There are three main types of penetration testing: Black Box, White Box and Grey Box. These are defined below:
Black Box testing is conducted with no prior knowledge of the target network / system or application. An ethical hacker approaches the engagement with the same set of conditions that a normal hacker would, making a black box test the most realistic simulation of a real-world attack.
Black Box vs White Box Testing: the pros and cons of Black Box vs White Box testing are outlined below.
White Box testing is conducted with prior knowledge of the system and potentially client-side access to the network, system or application. If the engagement is an application, source code and backend server or database access can be made available to assist the consultant in verifying discovered vulnerabilities.
Grey Box testing is a combination of Black and White Box testing. A good example of Grey Box testing is a Web Application Penetration Test where accounts are provided by the client for Access Control assessment. Grey Box penetration testing is designed to maximise testing time by providing information that an attacker would likely be able to obtain, but that would take up testing time to gather.
Below is an overview of Aptive’s approach to penetration testing; you can contact us for our detailed methodology document.
Discovery takes place before any testing is conducted. The process involves collecting as much information about the company or application as possible. The information gathered at the discovery stage of testing is used to help identify weaknesses directly or provide information that can help with later stages of testing. Typically all publicly available information is enumerated such as:
In-scope addresses are manually enumerated for useful information such as services and versions.
As much information as possible is gathered / enumerated from each exposed service.
After enumeration of the server(s) / network, a vulnerability assessment is completed, helping identify known public vulnerabilities. This process helps identify information that can be manually assessed in the next step.
Depending on client requirements, discovered forms or password hashes are tested using the latest password recovery techniques, helping identify if current password policies are sufficient.
Services revealed at the enumeration and vulnerability assessment stage are researched for public exploits and/or known exploit methods.
Discovered services are manually and safely tested or exploited to confirm if they are vulnerable.
Successfully compromised machines are locally enumerated for valuable data. If possible (scope permitting), user privileges are escalated to admin / root. Screenshots of account privilege level or discovered data are taken for evidence.
Compromised machines are used to route traffic, allowing the pen testing consultant to access the internal network or other machines / network subnets. This demonstrates the risk of a potential breach and how far an attacker may get within the target company's network.
All discovered security findings are documented using the DREAD risk assessment model. All findings are listed in severity order with clear, concise remediation instructions and their associated risk and impact.
All our security testing services come with free retesting on reported findings.
Working with you to identify all systems / applications that need testing.
Security testing is completed by our CREST accredited team, following our internal testing methodology.
Delivering a clear, easy-to-understand, severity-ordered report, detailing identified issues and providing clear and concise remediation steps.
Further explanation and demonstrations of vulnerabilities / exploits.
Security issues identified within the report are retested for free.