Penetration testing is a crucial element of our bespoke test and exercise services, engineered to deliver a robust and cost-effective solution for your testing requirements.
Bespoke Penetration Testing
While each of the solutions below can be seen as a service, we do not simply sell them as packages. What SRM provide is a fully scoped service which helps us work with clients to produce a completely bespoke test and exercise schedule which delivers exactly what is required but with no unnecessary add-ons. This ensures that working with us is a rigorous but cost-effective solution.
A vulnerability assessment is an analytical process that defines, identifies and classifies security holes (vulnerabilities) in individual computers, networks or communication infrastructures. Effectively, a vulnerability assessment is a base level evaluation of an organisation’s information security posture. It provides coverage across a wide range of systems and a surface level assessment which identifies weaknesses and issues. SRM utilises a leading web application and infrastructure scanning tool which automates the discovery of security flaws within network perimeters to quickly identify any required remediating actions. A full no-jargon report provides details of the assessment together with practical remediation steps.
A penetration test goes a step further than a vulnerability assessment. It simulates the actions of both external and internal attackers whose intention it is to breach the information security of an organisation. Many tools and techniques are employed in a penetration test. At SRM our team of highly qualified penetration testers hold, at company and individual level, qualifications including CREST. Our approved ethical security testers use their skills and experience to exploit critical systems and gain access to sensitive data. Our deliverable is a comprehensive but easy to understand detailed breakdown of results presented by a consultant in an easy-to-interpret report. It will identify the threats in a jargon-free manner and mitigation steps for the key risks are explained.
Advanced Penetration Testing
Not only does your system need to be secure; it needs to be seen to be secure. We work with you to understand your business requirements to develop a test plan which satisfies all stakeholders that your web and supporting infrastructure are secure. Our service considers external and internal threats using proven tools to simulate attacks on your infrastructure.
- Websites and associated applications
- Third party applications
- Firewall, IPS & IDS Evasion
- Company and client wireless solutions
- Internet of Things (IoT), both devices and management infrastructure
- End user device testing including printers and other peripheral devices
- Mobile applications (iOS/Android & Windows), including OWASP Top 10 Mobile Risks
- Social engineering (to fully test your IS awareness policies)
- Telephony / VoIP systems (on premise and hosted solutions)
We hold a range of accreditations both at a company and individual level including QSA, PA-QSA, CISSP, Cyber Essentials (IASME), Tiger and our team includes individuals who hold the CREST ethical security testing qualification. Our deliverable to you will be a comprehensive but easy to understand detailed breakdown of all your results presented by a consultant in an easily interpretable report. It will identify the threats in a jargon-free manner so that we can work together to mitigate the key risks to your business.
Web Application Testing
Testing a website is vital to ensure malicious attack attempts do not exploit poor configuration, out of date patching, cross-site scripting or injection vulnerabilities of the underlying web application. SRM will undertake a website vulnerability assessment to include:
- Testing of web services for known vulnerabilities and configuration issues
- Identification of the website structure and active code (i.e. web pages providing functionality)
- Testing of functionality and web interactions to ensure that web vulnerabilities (such as the OWASP Top Ten issues) are not present
- Uniquely, SRM will search for malicious web shells which we have uncovered from the numerous PCI PFI investigations undertaken
- We will test for the latest security vulnerabilities to meet the testing requirements of PCI DSS.
Where applicable, SOAP/REST and similar API testing is also undertaken.
Network Security Testing
All organisations, from huge multi-nationals to charities and SMEs, rely on networks – wired, wireless and cloud based – for their business connectivity. Regular and robust testing will identify any risks to the backbone of your operation. SRM’s network testing methodology includes:
- Routers, switches, firewalls (both physical and software based) and Wi-Fi access points internal and external to the organisation
- Remote access solutions and Virtual Private Networks (VPN)
- Company telephone solutions, including Voice Over IP (VoIP) and any mobile solutions in scope
- Review of Operating Systems, patching policies and change governance process
- Cloud deployed services including client access as appropriate
Tests explained
For those who would like to understand more of the comprehensive nature of testing that SRM can offer, the information below may be of interest.
Incident simulation
Skilled ethical hackers undertake a virtual attack using existing or potential vulnerabilities and play out the impact on the organisation through a variety of social engineering exercises, including news and social media responses and escalation simulation. It is a useful practical test of remediation protocols and a valuable educational tool.
Business Continuity simulation
Similar to the Incident Simulation exercise, this tests the business continuity resilience of an existing remediation plan and helps to develop robust protocols for the future.
Vulnerability exploitation
Network vulnerability exploitation identifies if a remote host is vulnerable to a particular attack, through developing, testing and using known exploit code. These automated scans are a useful tool where specific threats are a relevant factor. Correct scoping is key to an effective vulnerability exploitation scan.
Post exploitation
The post exploitation phase of any type of penetration test is to determine the value of the machine compromised, the sensitivity of the data stored and the potential for compromising the whole network. This analysis enables an organisation to evaluate risk and mitigate the risk of further damage. This phase can include escalating privileges on a compromised host as well as pivoting through the machine to attack or interact with other hosts on the network.
Web application testing
A web application proxy tool specifically designed to test security is used to test web applications and web-related interfaces. These automated tools provide a quick method for finding many common vulnerabilities such as SQL injection and cross-site scripting (XSS). They are used to test web applications and web-related interfaces, testing for performance, load and stress of web applications, websites, web APIs, web servers and other web interfaces. These tools are often used during manual testing as they often prove useful in understanding and manually exploiting web applications where automated testing is not sufficient.
Application Programming Interface (API) testing
In general terms, an API is a set of clearly defined methods of communication between various software components. An API may be for a web-based system, operating system, database system, computer hardware or software library. As the glue that joins a range of web-based applications and platforms together, it needs to be secure.
Phishing
A social engineering attack, phishing presents a particular risk to organisations because Trojan horses and viruses can be introduced into an entire network via one device. Attackers will also often try to trick staff members into disclosing login credentials or making payments. Testing for phishing vulnerability includes automated attack simulations. Mitigation includes education, quality security awareness training and actionable reporting metrics.
Vishing
Another type of social engineering attack, similar to phishing but conducted over the telephone. Scammers contact individuals and trick them into giving access to computer accounts. Usually impersonating a trusted company, they leverage urgency to get victims to act quickly without thinking the situation through.
Smishing
A variant of the same social engineering attack method, using SMS text messages to download a Trojan horse or virus onto a personal device. The testing procedure will highlight where potential intrusions have taken place and the extent of the attack within a network. Mitigation includes the removal of suspect viruses.
Open Source Intelligence (OSINT) Report
OSINT is a term used to refer to the data that can be collected from publicly available sources, to be used within an intelligence context. The use of ‘open’ goes back to the term as it is used within the intelligence community, meaning publicly available and not obtained through espionage. Although the content is open in the sense that it is found on Facebook, social media, telephones or emails, there are elements which should not be open to hackers. These include passwords or log in details which may not be readily visible but are embedded within the files somewhere. A detailed report identifies vulnerabilities and provides a managed process for the reduction of these threats to an acceptable level.
Wireless testing
A systematic test of smartphones, feature phones, wireless routers, hotspots, tablets, laptops, network-enabled devices and Internet of Things (IoT) devices. This is an automated testing process; correct scoping is, as always, the key to successful identification and removal of risk.
Physical intrusion
Small intrusion devices can be used to bypass Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). Usually requiring access to the premises, these can take the form of USB sticks or specialist equipment like a Raspberry Pi (a tiny computer to which all sorts of different sensors and equipment can be hooked up). These are then configured to provide an external hacker with remote access to network systems. As many hacks these days are conducted by employees, testing for evidence of rogue intrusion is an important aspect of information security.
Dropbox placement
Dropbox is diligent about keeping previous versions of files on record. By default, it goes back about a month, keeping hundreds of versions of regularly used files. Ransomware infection can therefore leave an organisation’s sensitive data exposed. An automated test can gauge the risk as well as any potential infection, thus enabling an organisation to take steps to protect files and move some Dropbox content to a safe location if required.
Social Engineering Testing
Phishing, baiting or tailgating: the team at SRM can safely and securely build an attack scenario to test how the organisation would respond to a real and malicious attempt of this nature.
Red Team Engagement
SRM’s CREST qualified consultants combine a rigorous training process with real-world experience so they can think creatively and with the mindset of a genuine hacker. The difference is that they work for you.
VirtualCISO™ and VirtualISM™
At SRM we have developed VirtualCISO™ and VirtualISM™, which are totally bespoke services, providing as much or as little as required depending on the individual company.