Penetration Testing and Vulnerability Testing

Know your limitations and gaps

 

 Penetration testing for your network and IT systems

Uncover vulnerabilities in your applications and network systems

Let us hack your network on your terms with a pentest. The test targets your organisation’s IT infrastructure, applications and users, with the aim of gaining access to its IT assets. A vulnerability scan is similar in that it discovers your environment and reports potential exposures.

The purpose of these tests is to let you harden security defences by eliminating vulnerabilities and fixing errors or shortcomings, reducing the risk to your business.

Typically a penetration test is run twice with the penetration testing tools, so that the second run reports on the security improvements you have instigated after the initial discovery.

Our testing is an internal test, in which an engineer performs a thorough internal (as well as external) systems and network test to report on risks from within your organisation, as well as ensuring adherence to security best practice. This can be a most alarming report, as undocumented systems, previous misconfigurations or simple issues you have not heard about are reported on.

This is a must do for any business that wants to improve security or place a stake in the ground and report to the business any risks found. Get hacked on your terms.

Vulnerability scanning

Penetration testing performs hacks against your environment, but gaps can still exist. Vulnerability scanning searches your environments and reports on known issues and risks, based on what you have deployed and how you use your systems.

This search looks not only at the types of equipment, but also at the versions that exist. Ideally you want the scanning tool to access your devices and systems (with a one-time temporary password), as it will then look at the version of each system, application or firmware and look up known issues.

When used in combination with a penetration test, the vulnerability scan offers the most complete reporting available on the security status of your environment.

Get hacked on your own terms

We’ve conducted thousands of penetration tests over the years and our testing methodology has evolved to incorporate a full range of global standards and best practices including:

Our penetration testing services are designed to determine whether your security posture can withstand an intrusion attempt from an advanced attacker with a specific goal.  Our pen test report shows you how applications and systems were breached and provides advice and recommendations to remediate the weaknesses found.

Included in these services is a specific review of:

Applications
Application testing covers mobile applications, web applications, and web services.

Networks
Network testing examines the security stance and procedures around the network assets.

Client Side
Through this type of testing, we can evaluate end users’ susceptibility to carrying out attacker-requested actions.

PCI DSS
This service takes the complexity out of Vulnerability Assessment and Penetration Testing requirements for PCI.

Remediate your vulnerabilities and holes

We are experts in remediation services such as operating system and applications patching, hardening, configuration management, and other risk reduction operational processes. Should you need help with your remediation strategies or hands-on administration and configuration, we have business plans and change templates ready to go.

Clear results to use in your business

Comprehensive reporting

We offer a detailed executive report, which describes not only the activity and results, but real actionable components to improve security and reduce risk for your business.  These are further explored in technical detail, which can be actioned by your security and IT teams, as well as providing long term strategies for IT security.

Follow up

Following on from the report is an executive and/or technical meeting which allows you to discuss the findings and explore the recommendations further.

Testing standards
The Open Web Application Security Project (OWASP)
The National Institute of Standards and Technology (NIST)
Open Source Security Testing Methodology Manual (OSSTMM)
Penetration Testing and Execution Standard (PTES)
Penetration Testing Framework
Australian Government Security Policies and Guidelines

Customer focus

We incorporate your business goals into the report. If you are focusing on a particular component of your business, or past issues, or even new business ventures, we can provide specific guidance on your strategy.

Scope of engagement

1- Security specialisation & focus

Network and applications security experts will perform the tests, and review the results with you.

2- Unbiased advice

We partner with you and keep results and actions between us.

3- Confidentiality

We work for you under your specific instructions. All reports are tracked and shared only with the nominated contact in perpetuity.

  • Strengthen your security and your future security posture
  • Actionable components that work for your business
  • Prevent future attacks and breaches in your security
  • A long term relationship to protect you from attack

4- Long term knowledge exchange

As a customer and user of SOC360 services, even if one-off testing is the only solution, we will continually share and discuss security, compliance and changes in the security landscape with you.

5- Reputation

Remaining secure and out of the headlines is the long term proof of our activity and reputation, which we strongly value.

Benefits to executive management

  • Independent review of your IT systems and security
  • Verify your Information Security Management process
  • Reduce risk to your business and report progress and activity
  • Defend against future damage to your business and reputation
  • Benefit from industry best practice
  • Ensure compliance
  • Arm your CEO with a validated security posture

Benefits to internal security team

  • Harden your IT environment and applications
  • Protect against malware and virus attacks
  • Uncover hidden systems and applications with poor security
  • Find poor password policy 
  • Leverage expert knowledge
  • Action from a customised security report
  • Validate your existing security posture
  • Test your SIEM and security processes

Get hacked on your own terms

‘Hacked’ is a term that can mean many things. For your security, however, it means not only that a person is ‘in’ your environments, but that they can access material (view it, copy it, take it away) and possibly change or delete it.

The other use of the word hacked is malicious. Using either the access they have, or tools available to them, hackers can take down your IT systems, or affect the capability of your users and customers.

Penetration testing works unobtrusively to access your environment. It won’t affect your business in any way; however, even after remediation you can still be affected by malicious attacks. That’s where vulnerability scanning comes in, to report possible targets or gaps that hackers may use to take down your systems.

SOC-as-a-Service provides peace of mind, knowing that the security experts are watching your environment.

  • Industry leading security monitoring and management

  • Best practice security process

  • Event analysis, prioritisation and alerting

  • Supplement your existing security skills

  • Round the clock monitoring

  • Cloud based/cloud speed

  • Real people/real discussions

Your job could be on the line – due to a simple mistake

Do you really know all of your IT infrastructure? How many ghost servers are in your environment from past projects, or what simple development passwords are still sitting on production systems? A penetration test and vulnerability scan can help eliminate these possibilities and more. You can’t claim ignorance when it comes to IT security.

Book a test now!
