So what’s the difference?

Vulnerability scans search and probe systems for known vulnerabilities and report back. A penetration test attempts to actively exploit vulnerabilities in an environment, as a hacker would, to test what data could potentially be accessed, stolen or deleted. While a vulnerability scan can generally be automated, a penetration test requires a certain amount of expertise. Automated ‘bots’ are deployed by hackers to constantly scan infrastructure on the Internet for vulnerabilities.

Our own web servers, like most others, are under constant attack. But with some simple changes we sleep at night.

Have a question? Please call one of our consultants 07521 704764.

Tell me more?

Regular vulnerability scanning is strongly recommended for maintaining information security. It is advised to scan every new piece of infrastructure before it is deployed and at least quarterly afterwards. The scans will detect new issues such as missing patches and any new ‘known’ vulnerabilities so you can address them before someone else finds them.

Penetration testing builds on the vulnerability scan. Once we know what’s vulnerable, it’s time to go to work. We attempt to exploit the vulnerability to gain access to your systems and data. In one case, within 50 minutes we had complete administrative control of the Active Directory and all servers and data. Now imagine we were malicious and, using ransomware, encrypted all your data, everything.

That’s what we want to mitigate for you.

The benefits of a penetration test

Our penetration tests will assist you to:

  • Identify real vulnerabilities;
  • Help to develop stronger authentication and session management controls;
  • Improve Identity Management;
  • Help to prevent future exploits and compromises of your systems;
  • Help plug the gaps that could lead to the theft of your data.

So what next?

Our experienced penetration testers follow an established methodology based on the OWASP (Open Web Application Security Project) Top 10 Application Security Risks. This approach will simulate the techniques of an attacker using many of the same readily available tools.

  1. Scope: Before any testing begins we will document the test so we are all clear on its scope.
  2. Reconnaissance: During this step we recon your infrastructure using manual and automated tools.
  3. Exploit: The fun part. Using the information identified in the initial phase, we test the application/infrastructure for potential vulnerabilities. This will provide your organisation with the ability to produce an accurate threat and risk assessment.
  4. Reporting: The test results will be fully documented.

Our penetration tests comply with Amazon’s and Microsoft’s Rules of Engagement

For Azure customers this means we limit all penetration tests to your assets. Amazon have a Customer Support Policy for Penetration Testing which we adhere to.

You are welcome to call 07521 704764 for more information.
