Penetration Testing

Fingerprint Icon

Find and exploit weaknesses in your systems.

Penetration testing is an overt exercise and uses industry recognised techniques to get a wide and expansive view of a target. The objective is to determine the effectiveness of your existing security controls, both technical and procedural, and to identify and gaps and weaknesses, as well as providing targeted recommendations for how issues can be resolved or mitigated.

Penetration testing seeks to find as much information as possible in the given time, allowing for a comprehensive assessment of your level of security.

There are many different types of penetration testing, and a wide range of approaches that can be taken. We discuss the specific requirements with our clients prior to beginning any engagement, however, in general, most engagements fall into the following categories.

Fingerprint Icon

NCSC CHECK IT Health Checks

Central Government departments and certain suppliers are required to carry out testing under the NCSC CHECK scheme to provide a greater level of assurance in the security of their technical systems. In the context of the NCSC CHECK scheme, the term “IT Health Check” means a penetration test (often supported by technical audits, build or configuration reviews) with the following additional requirements:

  • It must be carried out by an NCSC approved CHECK company.
  • It must be led by an individual holding the CHECK Team Leader (CTL) qualification.
  • All testers must hold at least CHECK Team Member (CTM) qualifications.
  • All testers must hold at least SC clearance.
  • Upon completion of the test, a copy of the report is sent to NCSC.

Learn More
Fingerprint Icon

Web Application Penetration Testing

This assessment seeks to identify and exploit any security weaknesses in a website or web application. It can be performed from a variety of perspectives, ranging from anonymous and unauthenticated attackers over the Internet, through to highly privileged internal users, and covers everything from off-the-shelf software through to highly bespoke web applications and APIs.

Learn More
Fingerprint Icon

Infrastructure Penetration Testing

Once an attacker has gained a foothold within an organisation, whether that be via social engineering, compromising an externally-facing system or as a malicious insider, they will attempt to escalate their privileges and compromise the internal network.

Infrastructure testing aims to identify vulnerabilities within the internal systems and network devices that could be exploited by an attacker, and to validate the security of controls such as network segregation.

Learn More
Fingerprint Icon

Cloud Services Penetration Testing

The move to cloud platforms such as AWS and Azure can provide many benefits for hosting both applications and infrastructure; however it can also introduce a whole range of new vulnerabilities and security concerns and areas that need to be tested.

As well as testing the applications and infrastructure hosted on the platform, the security of the resources within the cloud platform itself also needs to tested.

Learn More
Fingerprint Icon

ICS/OT Security Review

This assessment seeks to identify the maturity of any technical risk management processes applied to ICS or OT infrastructure, through a combination of policy and procedure review, interviews with appropriate personnel, targeted inspection of equipment, and both passive and active analysis of network connections.

Learn More