Penetration Testing| One Compliance

A Penetration test goes further and deeper than a Vulnerability Assessment. A human tester will safely exploit security weaknesses in order to gain further access to your critical systems, therefore mimicking the actions of a potential attacker.

Benefits of Penetration Testing

Risk Prioritisation

Identify your high risk vulnerabilities so you can prioritise your remediation activities.

Security Culture

Demonstrate mature security culture within the business

Meet Standards

Meet regulatory and compliance standards, such as PCI DSS and ISO27001

Data Security

Show your clients that securing their data is important

Why complete a Penetration Test?

Vulnerabilities exist in operating systems, services and applications. They are created through application flaws, improper configurations and end-user behaviours. A penetration test can help to validate adherence to internal policies and the effectiveness of controls across any business infrastructure.

Download Datasheet

Infrastructure Penetration Test (Internal)

The internal network-layer penetration test provides a ‘real world’ understanding of how your environment looks and what could be exploited by the nefarious actions of a hacker or rogue employee. The test is usually conducted on-site, however, depending on the size and scale of the agreed scope, it can also be conducted remotely. Network layer penetration testing identifies weaknesses with the configuration of hosts, servers and any security flaws due to missing patches or misconfigurations.

Network segmentation test (Internal)

The internal network segmentation test ensures that sensitive business functions are isolated from other areas of the network. Segmentation testing ensures that this isolation is effective and appropriate to enable sensitive business functions to remain secure.

Web Application Penetration Test (External)

Web application penetration testing is conducted from our secure data centre and aims to identify application layer vulnerabilities. Throughout the testing process the application will be subject to both automated and manual tests, to determine if it is susceptible to the Open Web Application Security Project (OWASP) top-10 list of application vulnerabilities. Further testing is available for specialist areas including the OWASP mobile top 10, SANS, NIST or compliance framework-based testing. Web applications penetration tests can also be conducted for internally facing web-based applications.

Mobile Application Tests (External)

In the modern world, more companies are pushing out mobile apps to clients and staff members – these apps pose a significant risk of losing data therefore testing them regularly is essential to any security plan. One Compliance will test features such as application sandboxing and mobile platform usage, transmission and storage of data, authentication mechanisms and cryptographic mechanisms.

Complete System Configuration Review

Configuration reviews cover devices which are not networking components such as servers, desktops, laptops, phones, tablets etc. The review covers the hardware set-up/configuration and the operating system specifics that interact with that hardware.

Network device configuration reviews cover firewalls, routers and switches which are used to isolate and segment your network. The review looks at the software levels of the devices, the general configuration and the implemented rule-sets used to enforce proper segmentation between network security zones.

Wireless infrastructure tests are conducted on-site and covers internal, approved wireless network configuration and security, guest, third party or internet-only wireless network configuration and security and identification of any unauthorised wireless devices.

Penetration Testing