Penetration Testing
How do you know your cyber defences work? How do you know your systems are secure?
Penetration testing (ethical hacking), and vulnerability scanning are important processes to validate that everything is working as it should or to highlight any weaknesses so that you can resolve them before a hacker gets in.
Our information security consultancy services will enable your business to operate securely and safely.
Please contact us to arrange a telephone or face to face appointment to discuss your information security needs.
Penetration Testing
Penetration testing (aka ‘pen test’) is a vital step in assuring your security. We can provide CREST-certified penetration testers to undertake a comprehensive test of your IT infrastructure, web applications, mobile applications and other technology so that our ethical hackers find any vulnerabilities and advise you how to fix them before they can be exploited.
We can undertake tests on:
Network & Infrastructure
Web Applications
Mobile Applications
Tests can be undertaken on both a white box or black box basis. During a white box test full information about your systems is shared with the testers including providing test user accounts. A black box test will simulate what a real attacker will know and there is no information shared in advance.
A typical test will follow this pattern: initial engagement, scoping, testing, reporting, and follow up. All issues found are scored in terms of severity so that more critical issues can be fixed first. We will maintain contact with your nominated technical contact(s) throughout the testing process.
Vulnerability Scanning
A vulnerability scan uses tools to provide a technical assessment of your IT systems, scanning your infrastructure and applications to identify missing software security updates, incomplete deployment of security software, or open ports. Scans should be performed both externally to the network, and from within the network.
A vulnerability scan quickly identifies the open doors to known vulnerabilities - the most frequent exploitation by hackers - and should be regularly performed.
If you need help with this, our expert security specialists can undertake this for you as a one-off scan, or more often as part of a routine quarterly process. We provide a prioritised report of issues rated against the Common Vulnerability Scoring System (CVSS).
Contact Us
Penetration Testing Frequently Asked Questions (FAQ)
+ What is penetration testing?
Penetration testing is a method for gaining assurance in the security of an IT system by attempting to breach some or all of that system's security, using the same tools and techniques as an adversary might.
+ Why should I get my systems penetration tested?
Penetration testing will either confirm to you that there are no exploitable vulnerabilities that were found in your systems, or alternatively will highlight vulnerabilities that exist so that you can take preventive steps to close them before they are exploited. If you do not undertake penetration testing, you have no way of knowing for sure which of these states is true and may be exposing your systems and business to unnecessary risk.
+ What is manual penetration testing?
Manual penetration testing refers to a consultant-led approach to testing. This is the most thorough and is considered more rigorous than simple automated tests.
+ What penetration testing methodology is used?
Our proven approach to penetration testing is based on industry best practice and project management standards. The methodology is broken down into six distinct phases:
Initial Scoping, Reconnaissance, Assessment, Reporting, Presentation and Remediation.
We believe that these six steps are crucial in performing a thorough and accurate assessment, providing value for the client and ultimately improving the security of the target network. This methodology is cyclical in that the results of the assessment presented to the client and provided as a report.
+ How does a penetration test differ from an automated vulnerability scan?
A penetration test attempts to actively exploit weaknesses in an environment. Vulnerability scans and vulnerability assessments search systems for known vulnerabilities. A penetration test requires various levels of specialist expertise and, although some automated testing may be used by the consultant, cannot be automated. A vulnerability scan can be automated.
+ What is an infrastructure penetration test?
We can offer consultant-led infrastructure penetration testing to provide a thorough and independent examination of your corporate infrastructure and systems to identify software and configuration based security vulnerabilities. There are two components to delivering infrastructure penetration testing and these are internal and external assessments. It is commonplace to combine these into a single test that covers both the internal and external components of the network.
An internal penetration test is performed by a qualified security consultant who is onsite within your corporate network. This type of assessment looks for security issues and vulnerabilities on the inside of your corporate network with the same physical access as a member of staff or other types of employee who has access to the building. This assessment provides a very comprehensive view of the configuration of your corporate network devices and servers from a security viewpoint of an insider, connected to your network.
An external penetration test is performed by a security consultant whilst remote from your corporate network. This type of assessment is concerned with assessing the external, Internet-facing infrastructure of your corporate network. This could be your Firewall, VPN endpoints, Web Servers and Mail Servers etc.. The level of access to these resources would be the same as an external hacker trying to break into your corporate environment so this assessment provides you with a real risk indicator as to your external security posture.
+ What is a web application penetration test?
We offer a professional web application security testing service that can be used to identify vulnerabilities that exist on your web applications. Our testers have a wealth of knowledge in the area of web application security testing. This web application testing can be performed remotely for external facing web applications or internally at your premises if the application is an internal application.
Web applications can use a variety of technologies and development frameworks, so our exact technical approach to each application may be very different. However, there are certain fundamental areas that are examined, which are as follows:
Public Information - Publicly available information on the target company and application(s) will be gathered and inspected. This information could include DNS records, email addresses, document metadata, website content, and social media posts.
Authentication - Any authentication controls such as login portals will be tested in detail, identifying any vulnerabilities that could be exploited to bypass the control, enumerate information such as valid users, or exploit weaknesses such as lack of anti-automation.
Authorisation - The application’s pages and functionality is mapped from the perspective of the core user profiles (with varying privileges), identifying any discrepancies with access and highlighting potential horizontal and vertical privilege escalation issues.
Session Management - The session management solution is examined in detail to identify vulnerabilities such as session fixation and hijacking, excessive timeouts, concealed sequences and flaws in the randomness of the token.
Input Validation / Sanitisation - All user-controllable input is closely tested to identify any instances of malicious code injection weaknesses. Common vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injection fall within this category.
Business Logic - The functionality of the application will be examined from a business logic perspective, identifying ‘edge cases’, where users perform an action (or sequence) not foreseen by the developers.
Web Server Configuration - The configuration of the Web server is included in testing to identify any instances of version disclosure, outdated software packages, SSL configuration weaknesses, and unnecessary public facing ports.
+ How much does a penetration test cost?
To provide an accurate cost for your penetration testing requirement it is necessary for undertake a short scoping call.
+ How often should we undertake a penetration test?
It is important to take a risk-based view when deciding how often to undertake penetration testing. Some of our customers will complete tests annually, some quarterly and others more or less frequently. Some things to consider include - the overall risk profile of your systems / organisation, how quickly your systems or applications change, how many issues were found in previous tests, how reliable your other security engineering processes are at elimating vulnerabilities.
+ How long does a penetration test take?
To provide an accurate time estimate for your penetration testing requirement it is necessary for undertake a short scoping call.
+ Why should I choose Spritzmonkey for my Penetration Testing?
Our penetration testers are CREST certified and experts in their field. From the outset we aim to build open and honest relationships with clients. By listening to you and adopting a flexible straightforward approach, we work with you to understand your business, how it works and its culture. That way, no matter what industry you are in, we can tailor our services to suit your needs and fit in with how you and your teams work.
+ How much does an infrastructure penetration test cost?
To provide an accurate cost for your penetration testing requirement it is necessary for undertake a short scoping call.
+ How much does a web application penetration test cost?
To provide an accurate cost for your penetration testing requirement it is necessary for undertake a short scoping call.
+ What areas of the country do you cover?
We work with customers all over the UK including those in the South East and East Anglia (London, Essex, Kent, Suffolk, Norfolk, Cambridgeshire, Hertfordshire, Surrey, Sussex), further afield in the South West (Cornwall, Dorset, Somerset, Wiltshire, Gloucestershire, Bristol) and the Midlands and North of England.
We have also worked with international clients with offices in Europe, Asia and the Americas.
Penetration testing is usually carried out remotely and therefore our penetration testing team can undertake assignments for clients and systems based almost anywhere.
+ My customer wants to see the results of our penetration test. Should I share the penetration test report with outside parties?
The penetration test report will include very sensitive information and should only be provided on a need to know basis. Outside parties are most likely to be interested in reassurance that a test was completed, and vulnerabilities remediated. Therefore, it is best practice to share only a summary where this is necessary.