Penetration Testing UK
Penetration Testing with Security Audit Systems:
A Penetration Test, also known as PenTest, is a simulation of a malicious attack against your computer system or network by outsiders or even insiders who do not have permission to access systems on your network. A penetration test involves an active assessment of the system for any potential vulnerabilities that could result from poorly managed or improper system configuration, both known and unknown hardware or software flaws, and weaknesses in operations or technical countermeasures. The assessment is carried out from the position of a potential intruder/hacker and can actively involve exploitation of vulnerable systems to gain unauthorized access.
Security issues uncovered through the penetration test are documented and a report is drawn up and explained to the system’s owner. The documentation from the penetration test will highlight the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.
Penetration tests can assist your organisation in a variety of ways such as:
- Determining how feasible a set of attack vectors is
- Creating a list of vulnerabilities, from high to low, that will allow you to see the impact of such flaws in the system
- Identifying vulnerabilities that may be difficult or impossible to detect (often known as zero-day attacks or non-public exploits), which automated scanners will fail to detect
- Active intrusion is attempted by our staff, creating the most realistic simulation of an attack possible
- Allowing for risk assessment of the business and operational impacts of successful attacks
- Provides a procedure change or software fix to rectify the vulnerability
- Tests the Security Operations & Staff of the business, to see how successful they are in mitigating the threat that faces them
- Reporting and Assessments provide evidence required to seek additional investments to improve overall business security
Penetration Test Phases / How it works
Planning Phase – The assigned SAS security consultant will work with you to ensure the correct type of penetration test is planned & implemented against your systems in order to create the most realistic attack scenario. The security consultant will also ask about any core services & applications you wish to be extensively tested.
Vulnerability Assessment Phase – The penetration test starts with a full vulnerability assessment that scans and probes services & applications for intelligence gathering and fingerprinting purposes. Each IP address scanned will be assigned a security rating indicating which appears to be most at risk, until a global IP map is made of the organisation's network. The intelligence gathered is then assessed further and categorized into high and low severity levels, before actively trying to exploit the vulnerabilities.
Penetration Testing Phase – After the vulnerability assessment the security consultant will utilize a complex toolset developed by security professionals to attempt to attack or break into the IP addresses that have been indicated as vulnerable. This attack could happen in a variety of ways and is aimed at compromising core servers, web applications, e-mail platforms, DNS, etc.
Documentation Phase – As the testing progresses, and particularly if successful exploitation occurs, the security consultant will document all test findings. Should a critical vulnerability be found and successfully exploited, this will be marked as high severity and you will be notified of this immediately with a solution and time-frame to implement.
Reporting Phase – Once the Penetration Test is completed, you will receive a full report through our secure client portal, where you will have the results explained to you by the security consultant who worked your case.
Remediation Phase – You are taken through how to mitigate the threats discovered. This can be done in a variety of ways, typically by patching, altering a process, implementing a code fix or even replacing a computer system entirely. Our security consultant will go through the scenarios of a compromise, allowing you to determine the levels of risk to business continuity.
Available Penetration Tests:
Black Box Pen Test
A blackbox penetration test is a full penetration test as above conducted by our certified security experts, who have no prior knowledge of your computer networks and systems. This is often the most realistic type of attack if you are considering the possibility of an attack coming from outside of your organisation.
White Box Pen Test
A whitebox penetration test is a full penetration test as above conducted by our certified security experts, who have the added advantage of complete system and network knowledge down to application layer source code where applicable. This test is often considered if you wish to expose the maximum vulnerabilities possible, as all knowledge has been given to our engineers to conduct an in-depth attack simulation on your organisation.
Is a Penetration Test right for you?
Please get in touch today to discuss your security requirements.
Phone Us: 0845 862 1052
