Penetration Testing

What is a penetration test?

A penetration test is an authorised simulated cyber attack on a computer system, performed by a suitably qualified third party, designed to evaluate and ultimately to fortify the security of a target system through the identification of security vulnerabilities.

Why perform a Penetration Test?

By performing a penetration test you can identify and mitigate vulnerabilities across your organisation before a real-world attacker finds them.  Precursor Security will work with you to help protect your data and reputation; subsequently avoiding compromise, breaches in compliance, large fines and ultimately ensuring the continuity of your business. 

Types of Penetration Test

Vulnerabilities can exist across all components of an organisation, from its people to its processes and technologies. Several types of penetration tests exist to focus on each of these areas in detail and although more focused tests exist, the high level categories are summarised as: 

Application Security Assessments analyse all web applications, usually setup to perform key business functions. These applications are often accessible to the public, which makes them a likely and easy target for attackers.
External Network Security Assessments evaluate the security of your company’s externally facing systems and services, determining how likely they are to be compromised from automated attack tools or an attacker engaging across the internet.
remote access
Remote Access Solutions can provide convenience to your staff but also provide access points to an attacker to target for vulnerabilities.
A Remote Access assessment reviews the security of the solutions provided to your staff members for remotely accessing your organisations resources and services.
An API Assessment is intended to evaluate the security of the underlying functions and procedures which are used by your applications. API calls can often provide an easy and flexible way to both distribute data and provide access to functionality to a variety of locations but can sometimes vary significantly from many of the requests made directly through a traditional Application. These specific API requests can often introduce a range of vulnerabilities into a system as many of the protection mechanisms inherent within web technologies are absent.
Internal Network Security Assessments evaluate the security of your company’s internal systems and how likely they are to be compromised from a variety of perspectives from a malware compromised machine to a disgruntled employee or remote access methods. The evaluation starts with a review of your company’s estate, as weaknesses in computer platforms and other innocuous devices can lead to the compromise of your company’s critical servers.
A Wireless network assessment is designed to evaluate the security of any wireless networks which have been implemented within your company and determine the potential for compromise from an external attacker. Although a wireless environment can provide a great deal of mobility and flexibility to your companies office it can also open up a potential access point for attackers aiming to gain access to your companies network from a distance.
Phishing assessments are targeted at both the users email inbox and telephone with the intention of gaining access to the company network and subsequent business critical data, helping you identify not only the individuals who are likely to become a victim, but also test the overall responsiveness of your staff.
Targeted Social Engineering engagements are important as it usually highlights the ease of which people can access your company’s premises. The assessment also highlights areas of improvement for your staff and the importance of up-to-date staff security training to ensure an established process is documented, outlining detailed steps to take when unknown individuals are identified on-site.

Ready to secure your business?