Penetration & Security Testing Services
Our advanced penetration tests are a fundamental part of your organisational risk-management process, whereby we examine the resilience of your security to identify vulnerabilities and weaknesses in systems such as networks, software, apps or websites.
Our UK testing team are CREST approved and will provide a comprehensive service giving you piece of mind that any issues will be uncovered – leading to you having a fully secure product. We can partner with you to provide regular testing whilst offering one off bespoke tests based on your requirements.
What is a Penetration Test?
When it comes to a penetration test (also known as a pen test), the goal of the exercise is simply to find all of the security vulnerabilities that exist in the systems being tested that an attacker could exploit and report on these. In this case, a vulnerability is anything that increases the likelihood of an attacker disrupting, or gaining unauthorised access to a system and any data contained within it.
If you are not already familiar with classic risk terminology: an asset is something you value; a threat is something that can affect your asset; a vulnerability is something that increases the likelihood that the threat will occur; and a control is something that will improve the situation, by preventing, detecting or otherwise reducing the impact of a threat.
So, as an example: an asset might be your kitchen; a threat might be a fire; a vulnerability would be storing napalm in the kitchen; and a control might be installing a fire extinguisher.
What value do I get from a Penetration Test?
A Corsaire penetration test will produce a list of vulnerabilities and remediation steps/guidance which will enable you to plan and prioritise any improvements to the way you process and store your data, and thereby reduce your organisational risk.
From a commercial perspective, a penetration test can help close new business opportunities. If your customers are regulated, they may in turn need you to show that your product(s) or environment are security tested regularly. Being able to demonstrate this as part of your negotiations may be critical to you receiving the order.
What can be penetration & security tested?
Every step taken by your organisation to capture, store and process information can be tested: the systems and buildings that the information is stored in, the transmission channels that transport it, and the processes and personnel that manage it.
Examples of areas that are commonly tested are:
- Off-the-shelf products such as servers, smart phones, firewalls and routers.
- Bespoke software development such as web sites, mobile applications and games.
- Telephone equipment such as exchanges, smartphones, VOIP and fax servers.
- Wireless systems such as WIFI networks, RFID tokens, and contactless cash.
- Physical protection such as CCTV, door entry systems and mechanical locks.
If you would like more information on penetration testing, a free no-obligation discussion with one of our team, get in touch.