Penetration Testing

What is Penetration Testing?

Penetration testing is a process which is used to evaluate the security of a computer system or network by simulating an attack or intrusion from a malicious actor. This simulated attack will serve to test the current level of protection and enable remedial measures to be evaluated, reviewed and implemented thereby mitigating risk through testing of the organisations controls and procedures.

What does Penetration Testing involve?

CrossGroup Security’s penetration testing involves a vigorous analysis of the target system for possible weaknesses that could result from inadequate system configurations, known and unknown hardware or software flaws, or operational defects in process or technical controls. We take the position of the attacker and will seek to exploit vulnerabilities. Our testing will determine the feasibility of an attack and the perceived business impact. The security issues which are found and their potential impact will be presented in the report for digestion by both the business and its technical staff. Our penetration testing service can also be used against wireless networks, operations, infrastructure targets and web applications.

VAPT

Vulnerability assessment and penetration testing ensures a comprehensive approach to identifying vulnerabilities and weakness in security configuration. Combining automated and manual testing ensures greater coverage and a better understanding of the associated risks.

Wireless Security Audit

On-premise inspections of controls in place around wireless infrastructure. CrossGroup offer a comprehensive service to ensure your WiFi is not leaving you vulnerable to attack.

Web Application Penetration Testing

Web application penetration testing against nominated targets by searching for vulnerabilities using both manual and automated techniques. All actions are executed from the perspective of either an authenticated or unauthenticated attacker, or both. This testing can be achieved either remotely or on site at any time that suits your business's requirements.

Configuration and Build Review

Our consultants will assess the configuration of network devices, operating systems, firewalls, mainframes and anything in between to identify weaknesses and advise on best security practice. Our testing team has many years combined experience and extremely diverse knowledge, extending well beyond your bog standard equipment and technologies ensuring we are always well placed to advise you no matter how obscure the requirement.

Systems and Network Penetration Testing

We will ensure your networks are safe from attackers, utilising the latest attack techniques and well seasoned consultants we will attempt to identify and demonstrate vulnerabilities which exist in the systems and underlying network.

FAQ

1Will a penetration test crash my site?
Absolutely not, we dynamically throttle testing to ensure application performance does not suffer, especially important in production environments.
2Will you submit any actual data to my site?
It is not possible to test for the full range of vulnerabilities without submitting data to the application, we can stand up a version of your application on our own infrastructure if required.
3What about remediation details?
Remediation details will be provided with all our reports.
4Why is it critical to have on-going penetration testing?
As your applications receive updates from your development team new problems may be introduced, these need to be found and fixed before they become an issue.
5How long will it take?
The time needed will depend on a number of factors and what methods are used to test, average testing times are around a week however.

OWASP Top Ten

  • A1 - Injection
  • A2 - Broken Authentication and Session Management
  • A3 - Cross-Site Scripting (XSS)
  • A4 - Insecure Direct Object References
  • A5 - Security Misconfiguration
  • A6 - Sensitive Data Exposure
  • A7 - Missing Function Level Access Control
  • A8 - Cross-Site Request Forgery (CSRF)
  • A9 - Using Components with Known Vulnerabilities
  • A10 - Unvalidated Redirects and Forwards

Contact us now for a quote or additional information