Penetration Testing

Even a single occurrence of compromised customer data can destroy an organisations brand and negatively impact its profitability. Penetration testing helps an organisation to avoid data breaches and compromise that lead to commercial and reputational loss.

Penetration testing identifies security holes in a network that a potential attacker could breach. Once found, remedial action can be taken to close those vulnerabilities before an attacker can exploit them.

CSA use a methodical approach, the latest toolsets and hacking methodologies to test the defences of specific applications, servers, routers, networks and other, within scope systems, looking for a potential foothold. The foothold is then exploited to see how far the network can be penetrated. Every vulnerability found is documented with recommendations on how to address the issues to mitigate the future risk.  

Scope of penetration testing projects:

  • White Box – customer provides passwords, usernames, IP ranges and full network access. This simulates an attack from someone who knows the business, perhaps a current or ex-employee.

  • Grey Box – customer provides access to the network across all sites for scanning and exploitation but not usernames and passwords. This simulates an attack from someone who has specific but limited knowledge of the business.

  • Black Box – customer provides website address and nothing else. This simulates an attack from an unknown assailant who initially knows nothing about the network they are attacking. 

Secure networks cost money but not as much as the cost of addressing a successful attack. There are the physical costs and potential GDPR fines (up to 4% of turnover) as well as the cost of commercial and reputational damage.

The Payment Card Industry (PCI) Data Security Standard and other recent security recommendations require external security testing. Regular penetration testing is good practice for any organisation interested in information security. Contact us to discuss our discounted recurring penetration testing packages. 

hacking-2077124_960_720.jpg

CSA has a team of experienced and certified cyber professionals who carry out our assessments. CSA adheres to the OSSTMM penetration testing methodology and code of ethics. Most of the CSA advisors are former UK Government cyber operations specialists who bring extensive Governmental and Industry cyber experience and expertise. At least one member of the assigned testing team will hold the Certified Information Systems Security Professional (CISSP) certification, in addition to bespoke cyber technical certifications and qualifications such as OSCP (Offensive Security Certified Professional).