Penetration Testing
The term Penetration Testing is commonly used to describe an assurance exercise involving an active evaluation of a system to discover the weaknesses affecting it. As part of the penetration testing process, our security consultants will not only identify weaknesses, but also exploit them in order to determine the real risk of the threat for the business. On completion of the testing, a comprehensive report is delivered.
The report will detail the security issues found during the testing, including the impact of each issue and the risk for the business. For each security issue covered in the report, a detailed explanation of mitigating actions and recommendations is provided. Applying the remediation actions should drastically decrease the chances of a successful breach, by helping to increase the security of the assessed target. The ongoing exercise will create a security baseline which can be used to track the evolution of IT security within the organisation.
As well as providing technical recommendations, where possible, we identify the root cause of the issue and give recommendations at a process and policy level.
It will drastically decrease the chances of a successful breach by helping to increase the security of the assessed target.
It will allow you to identify new security issues which may not previously have been identified and which may be posing a risk to your business.
The ongoing exercise will create a security baseline which can be used to track the evolution of IT security within the organisation.
The results of the Penetration Test can be used as a risk mitigation roadmap, and an effective way to tackle the most critical security issues in an efficient manner.
It will give your management team, suppliers and customers confidence in your security policies and procedures, building the foundations for lasting relationships and strengthening existing ones.
Web Application Penetration Test
A Web Application Penetration Test is focused on evaluating the security posture of a web-based application by recreating the scenario of an attacker targeting it. The assessment will identify any vulnerabilities within the applications and their deployment, allowing development and infrastructure teams to address any weaknesses quickly.
We recognise that every web application is different, and for that reason our well-tested methodologies will not only cover common web application vulnerabilities such as injection and access control issues, but also the latest vulnerabilities affecting the technologies in use by a particular web application. In the case of bespoke web applications, SECFORCE also has the tools and expertise to identify issues which are not publicly known, also known as zero-day issues.
Understanding your business is important to us and our consultants will endeavour at all times to present their findings in the context of your unique environment, so that the impact of the findings is relevant and clearly understood.
Infrastructure Penetration Test
The aim of an Infrastructure Penetration Test is to identify vulnerabilities affecting an organisation’s network infrastructure, which could be exploited by an attacker to gain unauthorised access to the network and its systems. Such an assessment also provides a valuable evaluation of the corporate security policies and procedures and accurately identifies classes of process failures such as misconfiguration, patch management and password enforcement.
In the case of externally facing infrastructure, SECFORCE assumes the role of a well-motivated but non-destructive attacker who is targeting the infrastructure over the Internet. When assessing internal infrastructure, SECFORCE recreates the scenario of a disgruntled employee, malicious contractor or other attacker who has managed to infiltrate the internal corporate network. Our objective is to assess how far such an attacker could go and what level of risk such a breach would pose to the business.
SECFORCE has many years of experience testing all manner of network topologies. It is this knowledge and understanding that allows us to conduct testing without impacting production systems or usability during assessments.