New to Penetration Testing?
Unsure where to start?
We've got you covered!
Pentest Packages
Package deals are designed to help make penetration testing as simple as possible. Many SMEs have similar internet facing assets, usually comprising of a small number of externally facing IP addresses, as well as a web application used as either a brochure to advertise services or an e-commerce site.
External Infrastructure
-
Up to 5 external IP addresses
Brochure Web Application
-
Basic web application Based on common framework (WordPress or similar)
-
Expected functionality:
-
Search function
-
Contact page
-
Brochure Website & External Infrastructure
-
Brochure Website as above
-
Up to 5 external IP addresses
E-Commerce Web Application
-
E-commerce application (online store)
-
Based on common framework (Magento or similar)
-
Expected functionality:
-
Create account
-
User profile
-
Shopping cart
-
Payment handled by 3rd party
-
E-Commerce Web Application & External Inf
-
E-Commerce Web App as above
-
Up to 5 external IP addresses
Bespoke Testing
Package deals don't work for everyone, many organisations have specific concerns or goals around pro-active security testing or compliance.
Popular Services
External Infrastructure Assessment
Assessment of internet facing assets from a network perspective - usually including office firewalls, VPNs etc.
Web Application Assessment
Assessment of web application following OWASP methodology including checks for OWASP top 10.
In general terms testing comprises of 2 main areas:
Attempt to interact with underlying infrastructure in some way (web server, database)
Attempt to interact with other users in some way (impersonating users, viewing data)
Laptop/Server Build Review
In-depth review of a single laptop or server, since most devices will be configured in the same way any security recommendations can usually be rolled out across all similar devices.
Stolen Laptop Assessment
Similar to Laptop Build Review however the laptop is reviewed in 3 states:
-
Powered off – not logged in
-
Powered on – not logged in
-
Powered on – logged in (laptop build review)
Internal Infrastructure Assessment
Assessment of the office network, testing is intended to highlight vulnerabilities and misconfigurations that could be leveraged by a malicious insider or, more likely, a user who has been phished providing an attacker with access to a legitimate user account.
Wireless Assessment
Assessment of office wireless network, testing for misconfigurations, known vulnerabilities as well as effective segmentation/client isolation within the wireless network.
Get in touch
Interested in penetration testing services? We'd love to chat!