PENETRATION TESTING SERVICES
We have redefined how penetration testing is delivered. Our cutting-edge security automation capabilities allow us to streamline engagements and deliver consistent top-quality results, and enable our highly experienced security team to focus on the critical risks to keep your business safe.
Web applications are a primary gateway for hackers to gain access to your corporate secrets. Web Application Penetration Testing identifies and exploits security flaws using globally recognised standards to bypass access controls and exploit the vulnerabilities that provide unauthorised access to your application data, accounts and systems.
Any system connected to the internet is constantly being attacked by internet-based hackers. External Infrastructure Penetration Testing identifies and verifies the exploitable vulnerabilities in your internet-accessible systems. We gather intelligence about your organisation and perform targeted attacks to gain unauthorised access inside your business.
MOBILE APP AND API
Mobile App and API Penetration Testing reveals unsecured data and configurations in your mobile apps and identifies vulnerabilities in your mobile API endpoints that may compromise your mobile solution. We use globally recognised standards to provide assurance and visibility of your mobile security profile.
The majority of security breaches provide attackers with remote access to your internal network. Internal Infrastructure Penetration Testing simulates an internal attacker, revealing the various ways they can escalate their internal privileges to perform business-critical attacks and take over your organisation.
API AND WEB SERVICE
These services are commonly used for B2B solutions and thick clients, which often contain business logic flaws and access control weaknesses, amongst others. happens when developers trust the source of the requests. API and Web Service PenTests identify and verify actual vulnerabilities that exist within these interfaces using globally recognised application security testing standards.
PHISHING AND SOCIAL ENGINEERING
Your employees are the weakest link to your security and are the primary target for attackers. Social Engineering Penetration Testing is designed to put your employees through a range of simulated social engineering attacks designed to convince users to perform insecure actions that will lead to your business becoming breached by a remote attacker.
Wireless networks are especially vulnerable since they are not contained by physical controls. Hackers may attack your wireless networks, users, and devices from outside your physical walls. Wireless Penetration Testing assesses your wireless networks to ensure they are set up securely, attacks your wireless users to compromise accounts, and exploits your wireless devices to identify and verify vulnerable systems that expose your internal networks and data.
Red Team Penetration Testing is an objective-based security assessment that simulates real-world attack campaigns. These objectives may include taking control over a building, transferring funds from the company, or extracting highly-sensitive corporate data. This is achieved through a carefully selected chain of covert attack techniques that are designed to identify and exploit weak controls to infiltrate your organisation. This allows you to realize how to detect and prevent an advanced persistent threat.
PCI PENETRATION TESTING
PCI DSS (Payment Card Industry Data Security Standard) requires that periodic penetration tests are performed against systems and applications within your Cardholder Data Environment (CDE). PCI Penetration Testing will test the external and internal systems and applications within your CDE to ensure that your credit card details remain secure and your organisation remains PCI DSS compliant.
ENDPOINT DEVICE EXPLOITATION
One of the most effective ways of breaking into a company’s network is by attacking endpoints, such as workstations, laptops, and mobile devices. Endpoint Device Penetration Testing reveals the most likely techniques and attack vectors specific to your business that a hacker would use to compromise your corporate systems. We educate you on these attack techniques and how to mitigate a security breach.
OT AND SCADA
Organisations that manage OT and SCADA environments have an increased likelihood of a safety impact or outage that could have significant impacts to their personnel and to their business continuity. OT and SCADA penetration testing is custom designed in consultation with your business to ensure that your risks can be identified, verified and managed in a safe environment by a highly skilled, experienced and professional team.
CLOUD AND VIRTUALISATION
Cloud and virtualisation provide businesses with a great amount of flexibility and scalability, but they also introduce significant risks since they move your data and administrative controls closer to the internet. Minor cloud misconfigurations or API key leaks can lead to entire data sets being published to the internet, your domains being hijacked, and entire cloud environments and accounts becoming compromised.
IOT PENETRATION TEST
The number of IOT devices on the internet is increasing exponentially. Unfortunately, many of these devices, and the interfaces they communicate with, weren’t designed with security front of mind. IOT Penetration Tests target the IOT device to gain unauthorised access, extract sensitive data from the device, and abuse the internet-based interface to gain unauthorised access to devices, data, networks and businesses.
SECURITY AND NETWORK DEVICE
Whether you are developing a new appliance or introducing a security or network device into your environment, Security and Network Device Penetration Testing helps you to understand the actual effectiveness of the product beyond the marketing, and at the same time understand if the device is introducing any additional security weaknesses or vulnerabilities into your organisation.
THICK CLIENT APPLICATIONS
Thick client applications often assume that the end user is trusted and that their device has not been compromised. Thick Client Application Penetration Tests identify security flaws that are introduced into your systems by installing the thick client software and verify vulnerabilities in target web services or API endpoints that don’t expect a malicious user.
COPYRIGHT PROTECTION BYPASS
Your intellectual property is built into any commercial product or mobile app that you distribute. Cracking and redistribution of free or malicious versions of your product can lead to significant financial and reputational business impacts. Copyright Protection Bypass Penetration Testing identifies your anti-cracking and anti-reverse engineering controls to reveal the weaknesses in your protections and recommend enhancements to protect your business.
FREQUENTLY ASKED QUESTIONS
What is Penetration Testing?
Penetration Testing (aka pentesting) is an active and authorized attempt to breach network and cybersecurity defenses as a means of hardening and protecting a system against unwanted threats. This differs from vulnerability scanning, in which automated software checks for possible holes in the system. Penetration testing uses several means and methods not only to check for vulnerabilities, but also to exploit them.
Why should we have a penetration test performed?
Pentesting is one of many tools available to ensure that your network is secure. A professional pentester can find even the most minute attack vectors, helping you and your security team remediate those issues. You can rest assured that if a pentester can find it, a bad actor can, too.
How often should I get a Penetration Test?
The answer to this is largely dependent on your organization and its security needs. For example, a retail merchant who handles millions of credit card transactions is most likely going to need more frequent pentesting than, say, a small, locally-owned dog groomer. However, most regulatory agencies require a pentest at least once a year.
What’s the difference between Vulnerability Scanning and Penetration Testing?
When an IT professional runs a vulnerability scan, he is looking for areas where your network and device defenses might be weak. This could be checking for unpatched operating systems, looking for pwned passwords, etc. A pentest takes this one step further and attempts to break into the system by exploiting those vulnerabilities.
What is the scope of a Penetration Testing project and should we prepare before?
This is completely dependent on your organization’s needs and there is no preparation needed. When you sit down with your pentester, you are going to discuss and set certain things, including:
- Scope Agreement: We will send a detailed plan for the test, including the specialist, the timeline, any requisites we may need, and the methodology. Once you have accepted the Agreement, we will move forward.
- The testing itself, which will run for the time specified in the Agreement.
- Report: After the initial test, our testers will run a retest on any issues you have remediated, and then submit a final report to you.
Who will conduct my penetration test?
Each of our pentesters is highly-qualified, with many years of experience and several certifications. Whomever you work with, we guarantee they will do an excellent job.
How long does a Penetration Test take?
Just like cost, it is going to depend on several factors (most notably the scope of the job). On average, a pentest takes 1-3 weeks, but the actual timeline is something you and your tester will discuss during your pre-test discussions.
How much does a penetration test cost?
This is going to depend on the scope of the test, and the structure of your network and devices. However, a good pentest will run anywhere from US$10,000 – $30,000. You can certainly find cheaper tests, but in the case of pentesting, you get what you pay for, and trying to save a few dollars today could end up costing you more tomorrow.
Is Penetration Testing disruptive to our environment? Will our systems go down?
By its very nature, pen testing does run the risk of disrupting operations and your network. Think about it this way: the tester is using live exploits, and there is the potential for something to go wrong. However, you can help prevent this by planning. Speak with your pentester at length, discuss the scope and reach of his or her testing, and see what aspects of the operation can be done in ways to minimize the risk of disruption. Accidents do happen, but a competent tester with a detailed plan should be able to do his or her job without seriously impeding yours.
Why should Threat Intelligence conduct my Penetration Testing?
Our team has decades of experience in cybersecurity, and all of our pentesters are highly-qualified to test your network and devices. We work closely with you to protect business-critical data and applications from both damaging external threats and an emerging trend of equally significant internal threats.
WHY IS AUTOMATED PENETRATION TESTING IMPORTANT?
Understand the difference between Vulnerability Scanning, Automated Penetration Testing and Manual Penetration Testing. We compare all three and give you a side by side analysis so you can select the right solution for your business.