Penetration Testing

A Penetration Test goes further and deeper than a Vulnerability Assessment. A human tester will safely exploit security weaknesses in order to gain further access to your critical systems, therefore mimicking the actions of a potential attacker.

Benefits of Penetration Testing

Risk Prioritisation

Identify your high risk vulnerabilities so you can prioritise your remediation activities.

Security Culture

Demonstrate mature security culture within the business.

Meet Standards

Meet regulatory and compliance standards, such as PCI DSS and ISO27001.

Data Security

Show your clients that securing their data is important.

Why complete a Penetration Test?

Vulnerabilities exist in operating systems, services, and applications. They are created through application flaws, improper configurations, and end-user behaviours. A penetration test can help to validate adherence to internal policies and the effectiveness of controls across any business infrastructure.

Infrastructure Penetration Test (External)

The external network-layer penetration test provides a ‘real world’ understanding of your internet-facing environment and what could be exploited by the nefarious actions of a hacker or rogue employee. The test is conducted off-site. Network layer penetration testing identifies weaknesses with the configuration of internet-facing system components and any security flaws due to missing patches or misconfigurations.  External penetration testing can also be conducted against cloud-based infrastructure. One Compliance external penetration testing supports PCI DSS requirement 11.3, 11.3.1, and 11.3.3.

Complete System Configuration Review

Contact us to arrange a discussion with one of our consultants

System Configuration Reviews

Configuration reviews cover devices which are not networking components such as servers, desktops, laptops, phones, tablets, etc. The review covers the hardware set-up/configuration and the operating system specifics that interact with that hardware.

Network device configuration reviews cover firewalls, routers, and switches which are used to isolate and segment your network. The review looks at the software levels of the devices, the general configuration, and the implemented rule-sets used to enforce proper segmentation between network security zones.

Cloud services are becoming more commonly used in organisations. One Compliance can review the security setup of your cloud infrastructure to ensure that the configuration is compliant with vendor and industry best practice.