What is Penetration Testing?
Penetration testing is a process used to evaluate the security of a computer system or network by simulating an attack or intrusion from a malicious actor. This simulated attack tests the current level of protection and enables remedial measures to be evaluated, reviewed and implemented, thereby mitigating risk through testing of the organisation's controls and procedures.
What does Penetration Testing involve?
CrossGroup Security’s penetration testing involves a vigorous analysis of the target system for possible weaknesses that could result from inadequate system configurations, known and unknown hardware or software flaws, or operational defects in process or technical controls. We take the position of the attacker and will seek to exploit vulnerabilities. Our testing will determine the feasibility of an attack and the perceived business impact. The security issues which are found and their potential impact will be presented in the report for digestion by both the business and its technical staff. Our penetration testing service can also be used against wireless networks, operations, infrastructure targets and web applications.
Vulnerability assessment and penetration testing together ensure a comprehensive approach to identifying vulnerabilities and weaknesses in security configuration. Combining automated and manual testing ensures greater coverage and a better understanding of the associated risks.
Wireless Security Audit
On-premise inspections of controls in place around wireless infrastructure. CrossGroup offer a comprehensive service to ensure your WiFi is not leaving you vulnerable to attack.
Web Application Penetration Testing
Web application penetration testing against nominated targets by searching for vulnerabilities using both manual and automated techniques. All actions are executed from the perspective of either an authenticated or unauthenticated attacker, or both. This testing can be achieved either remotely or on site at any time that suits your business's requirements.
Configuration and Build Review
Our consultants will assess the configuration of network devices, operating systems, firewalls, mainframes and anything in between to identify weaknesses and advise on best security practice. Our testing team has many years' combined experience and extremely diverse knowledge, extending well beyond your bog-standard equipment and technologies, ensuring we are always well placed to advise you no matter how obscure the requirement.
Systems and Network Penetration Testing
We will ensure your networks are safe from attackers. Utilising the latest attack techniques and well-seasoned consultants, we will attempt to identify and demonstrate vulnerabilities which exist in the systems and underlying network.
OWASP Top Ten
- A1 - Injection
- A2 - Broken Authentication and Session Management
- A3 - Cross-Site Scripting (XSS)
- A4 - Insecure Direct Object References
- A5 - Security Misconfiguration
- A6 - Sensitive Data Exposure
- A7 - Missing Function Level Access Control
- A8 - Cross-Site Request Forgery (CSRF)
- A9 - Using Components with Known Vulnerabilities
- A10 - Unvalidated Redirects and Forwards