Choose your requirements and build your own penetration test quote online.
01 Infrastructure Penetration Test
A penetration test goes a step further than a vulnerability assessment. It simulates the actions of both external and internal attackers whose intention it is to breach the information security of an organisation.
Many tools and techniques are employed in a penetration test. AT SRM our team of highly qualified penetration testers hold, at company and individual level, qualifications including QSA, PA-QSA, GCIH and GCFE. Our consultants are also CREST-approved ethical security testers using their skills and experience to exploit critical systems and gain access to sensitive data.
Our deliverable is a comprehensive but easy to understand detailed breakdown of results presented by a consultant in an easily interpretable report. It will identify the threats in a jargon-free manner and mitigation steps for the key risks are explained.
02 Web Application Penetration Test
Testing a website is vital to ensure malicious attack attempts do not exploit poor configuration, out of date patching, cross-site scripting or injection vulnerabilities of the underlying web application.
SRM will undertake a website vulnerability assessment to include:
- Testing of web services for known vulnerabilities and configuration issues
- Identification of the website structure and active code (i.e. web pages providing functionality)
- Testing of functionality and web interactions to ensure that web vulnerabilities (such as the OWASP Top Ten issues) are not present
- Where applicable, SOAP/REST and similar API testing is also undertaken.
03 Mobile Application Penetration Test
As with any technology, mobile applications come with their own set of common issues.
SRM are able to reverse engineer app code where possible, check root protection is in place and highlight any other security issues that may arise due to custom functionality within an app.
SRM will also test the back-end server of a mobile application as this is also commonly a target for hackers.
04 API Penetration Test
Using API documents provided to us, SRM will provide penetration testing against any back-end APIs. We will look for common API issues, such as insufficient access control and attempts will be made to access data that a normal user should not have access to.
All API testing is completely tailored to the specific API calls available and gives excellent value to our clients. SRM will take the size of your API into consideration and focus testing on calls with the highest potential risk.
05 Social Engineering
In information security, the human element can be the weakest link; opening up an organisation to unintentional vulnerability. Social engineering is an attack vector which relies on the psychological manipulation of people to gain access to systems.
This type of attack can take the form of Phishing scams, where emails attempt to gain access information by tricking an individual within an organisation into divulging confidential passwords or details to attackers, enabling them to gain access to systems.
Other forms of social engineering include Pretexting where a fabricated scenario is created to lure an individual into revealing confidential access information. There is also Baiting which are similar to Phishing attacks but access is gained to individuals via, for example, free music or movie download sites.
Baiting attacks can also be physical through the introduction of physical media. An example of this is an infected USB stick which a naïve employee might plug into their computer, activating a keylogger and providing access to a number of login details.
Social engineering attacks are constantly being re-invented but current threats also include Quid Pro Quo, which promises a benefit in exchange for information and Tailgating, where an attacker infiltrates an employee’s account and follows them into a restricted area.
Preventing social engineering attacks requires a number of strategies, including education, alerts and regular monitoring.
06 Contact Options
Would you like us to get in touch about your quote, or provide a formal quote?
07 Get my quote
We hold a range of accreditations both at a company and individual level including QSA, PA-QSA, CISSP, Cyber Essentials (IASME) and Tiger.
Our deliverable to you will be a comprehensive but easy to understand detailed breakdown of all your results presented by a consultant in an easily interpretable report. It will identify the threats in a jargon-free manner so that we can work together to mitigate the key risks to your business.
To get your result, simply fill out your details in the form.