Test and Exercise

SRM's team is made up of technical experts with the very highest level of professional training. But that is not what makes us unique.

SRM's Test & Exercise (T&E) team

What distinguishes the SRM team is the fact that our consultants have wide experience in other areas of information security consultancy, so the test and exercise programme is not conducted in isolation but within the wider context of a client’s business activity.

What is more, every project is fully bespoke, starting with a T&E scoping schedule which ensures precisely targeted cost-effective delivery which meets the wider legal and regulatory requirements within any given sector.

SRM’s T&E team includes consultants who hold the Offensive Security Certified Professional (OSCP) qualification. The OSCP training includes extensive practical work and getting into the mindset of a potential hacker. We consider this to be the very best qualification for advanced penetration testing because it enables our team to be proactive and innovative rather than simply reactive.

Through our detailed scoping process we ensure that it’s not just the elements that have been tested before that are scrutinised. As the world of test and exercise constantly evolves, the scoping exercise determines the widest range of risks and vulnerabilities which could potentially be exposed by an innovative hacker.

We are extremely proud of our high level of client retention. We have an unrivalled reputation for delivering excellent client service and many of our clients have worked with us for over five years.

SRM testing solution matrix

The table below aims to demonstrate the varying ways of aggregating the range of services provided by SRM, along with the category of testing they fall into. Please note that the services and package options are representative and do not mean that SRM only provides these services within a package or that each aspect is a requirement. SRM provides a fully bespoke Testing and Exercise Solution which fits an organisation’s vulnerabilities and requirements. Only the precise services required will be recommended and the proposal will be fully costed as part of our ‘Free Scope Consultation’ service at the outset.

Package options: Vulnerability Assessment, Penetration Testing, Advanced Penetration Testing, Web Application Testing, Social Engineering, Red Team

Free scope consultation
Final scope agreement: Defined with client (all six package options)
Purpose of service: Security Health Check (Vulnerability Assessment); Client objective driven (Penetration Testing, Advanced Penetration Testing, Web Application Testing, Red Team); Educational (Social Engineering)
User targets
Onsite/internal testing
Remote/external testing
Vulnerability scanning & identification

Manual testing

Incident simulation

Business continuity simulation

Vulnerability exploitation

Post exploitation

Web application testing

Application programming interface testing

Soak testing
REST cache testing
Phishing

Vishing and/or Smishing

Open Source Intelligence (OSINT) Report

Wireless testing

Physical intrusion

OSCP qualified testing

Dropbox placement

Network security testing

Regular updates/wash-up meeting
Detailed report
Report walkthrough

Services

Within this section of the website, we detail the types of test and exercise we undertake on behalf of clients. While each can be seen as a service, we do not simply sell them as packages. What we provide is a full scoped client service which helps us work with clients to produce a completely bespoke test and exercise schedule delivering exactly what is required but with no unnecessary add-ons. This ensures that working with us is a rigorous but cost effective solution.

Vulnerability testing

A vulnerability assessment is an analytical process that defines, identifies and classifies security holes (vulnerabilities) in individual computers, networks or communication infrastructures.

Effectively, a vulnerability assessment is a base level evaluation of an organisation’s information security posture. It provides coverage across a wide range of systems and a surface level assessment which identifies weaknesses and issues.

SRM utilises a leading web application and infrastructure scanning tool which automates the discovery of security flaws within network perimeters to quickly identify any required remediating actions. A full no-jargon report provides details of the assessment together with practical remediation steps.

Penetration testing

A penetration test goes a step further than a vulnerability assessment. It simulates the actions of both external and internal attackers whose intention it is to breach the information security of an organisation.

Many tools and techniques are employed in a penetration test. At SRM, our team of highly qualified penetration testers hold, at company and individual level, qualifications including QSA, PA-QSA, GCIH, GCFE and the industry gold, OSCP. Our consultants are also CREST-approved ethical security testers using their skills and experience to exploit critical systems and gain access to sensitive data.

Our deliverable is a comprehensive but easy to understand detailed breakdown of results presented by a consultant in an easily interpretable report. It will identify the threats in a jargon-free manner and mitigation steps for the key risks are explained.

Advanced penetration testing

Not only does your system need to be secure; it needs to be seen to be secure. We work with you to understand your business requirements to develop a test plan which satisfies all stakeholders that your web and supporting infrastructure are secure.

Our service considers external and internal threats using proven tools to simulate attacks on your infrastructure.

  • Websites and associated applications
  • Third party applications
  • Firewall, IPS & IDS Evasion
  • Company and client wireless solutions
  • Internet of Things (IoT) both devices and management infrastructure
  • End user device testing including printers and other peripheral devices
  • Mobile applications (iOS/Android & Windows), including OWASP Top 10 Mobile Risks
  • Social engineering (to fully test your IS awareness policies)
  • Telephony / VoIP systems (on premise and hosted solutions)

We hold a range of accreditations both at a company and individual level including QSA, PA-QSA, CISSP, Cyber Essentials (IASME), Tiger and the industry gold OSCP.

Our deliverable to you will be a comprehensive but easy to understand detailed breakdown of all your results presented by a consultant in an easily interpretable report. It will identify the threats in a jargon-free manner so that we can work together to mitigate the key risks to your business.

Web Application Testing

Testing a website is vital to ensure malicious attack attempts do not exploit poor configuration, out of date patching, cross-site scripting or injection vulnerabilities of the underlying web application.

SRM will undertake a website vulnerability assessment to include:

  • Testing of web services for known vulnerabilities and configuration issues
  • Identification of the website structure and active code (i.e. web pages providing functionality)
  • Testing of functionality and web interactions to ensure that web vulnerabilities (such as the OWASP Top Ten issues) are not present
  • Uniquely, SRM will search for malicious web shells which we have uncovered from the numerous PCI PFI investigations undertaken
  • We will test for the latest security vulnerabilities to meet the testing requirements of PCI DSS
  • Where applicable, SOAP/REST and similar API testing is also undertaken.

Red team

What is a Red Team Engagement?

In the world of information security which is riddled with acronyms, the deceptively simple ‘Red Team’ may take a little explaining. Breaking down the initial letters of industry terms usually provides a clear indication of the service provided. But the term Red Team has its origins in the US intelligence community and its actual meaning is a little more mysterious. In that context, a Red Team explores alternative futures, challenging an organisation to improve its effectiveness.

In our context, a Red Team provides real-world attack simulations designed to assess and significantly improve the effectiveness of an entire information security programme.

Where a normal penetration test focuses on identifying and exploiting issues within a specific system/clearly defined scope, the Red Team differs in that it is very much goal/objective orientated. As a result, this allows for a much larger attack surface for the penetration tester to target in an effort to reach the pre-defined goal/objective.

Purpose

To put your network, applications, people and processes to the ultimate security test, you need to subject yourself to real-world scenarios that are designed to establish how well your defence and response processes measure up. This is achieved through a combination of simulated social engineering (physical and technical), network and application attacks from SRM.

The Solution

The key difference between a penetration test and a Red Team engagement is the extent of scope, which replicates the wider view an actual attack would have. Whilst a penetration test is often focused on a key application or system, a Red Team engagement is fully bespoke and often ‘goal orientated’. This goal will often be: ‘we have this highly sensitive network/piece of data/solution – can you get access to it?’

Red Team engagement includes a wide variety of applications, systems, people and physical locations within the scope of testing. Naturally, the extent to which the Red Team will operate and engage will be defined by you, but it will take a wider view of potential attack vectors and mirror a persistent attacker. Consultants with OSCP qualifications have undertaken a rigorous training process to learn real-life hacking skills, helping them to think creatively and with the mindset of a genuine hacker.

A Red Team engagement will therefore have free rein in terms of attempting to gain access to the defined goal whilst ensuring a controlled approach.

The Benefits

The benefits of this approach are that it allows you to validate your protection, monitoring and response solutions or processes. This assists in ensuring your organisation can respond to an emulated ‘real-world’ attack where varying avenues of approach can be used, rather than a limited focus on a single system.

The ultimate goal is to use offensive techniques to enable you to identify areas for improvement and/or to validate the capability of your response. Even in the event of the objective not being wholly realized, a number of recommendations/learning experiences will still be achieved, thus always assisting towards further improvement of your security capabilities.

Tests explained

Vulnerability scanning and identification

An independent inventory of devices which are currently attached to a network to ensure that adequate security is in place. Automated software scans a system against known vulnerability signatures.

Manual testing

Sometimes an automated scan does not include the full scope of the risk. Manual testing is an additional element to extend the range of the test for a particular risk or organisation.

Incident simulation

Skilled ethical hackers undertake a virtual attack using existing or potential vulnerabilities and play out the impact on the organisation through a variety of social engineering exercises, including news and social media responses and escalation simulation. It is a useful practical test of remediation protocols and a valuable educational tool.

Business Continuity simulation

Similar to the Incident Simulation exercise, this tests the business continuity resilience of an existing remediation plan and helps to develop robust protocols for the future.

Vulnerability exploitation

Network vulnerability exploitation identifies if a remote host is vulnerable to a particular attack, by developing, testing and using known exploit code. These automated scans are a useful tool where specific threats are a relevant factor. Correct scoping is key to an effective vulnerability exploitation scan.

Post exploitation

The purpose of the post exploitation phase of any type of penetration test is to determine the value of the machine compromised, the sensitivity of the data stored and the potential for compromising the whole network. This analysis enables an organisation to evaluate risk and mitigate the risk of further damage.

Web application testing

A web application performance tool (WAPT) is used to test web applications and web-related interfaces. These automated tools provide a quick method for finding many common vulnerabilities such as SQL injection and cross-site scripting (XSS). They are used to test web applications and web related interfaces, testing for performance, load and stress of web applications, websites, web API, web servers and other web interfaces.

Application Programming Interface (API) testing

In general terms, an API is a set of clearly defined methods of communication between various software components. An API may be for a web-based system, operating system, database system, computer hardware or software library. As the glue that joins a range of web-based applications and platforms together, it needs to be secure.

Phishing

A social engineering attack, Phishing presents a particular risk to organisations because Trojan horses and viruses can be introduced into an entire network via one device. Testing for phishing vulnerability includes automated attack simulations. Mitigation includes education, quality security awareness training and actionable reporting metrics.

Vishing

Vishing is another type of social engineering attack, similar to phishing, but it is conducted over the telephone. Scammers contact individuals and trick them into giving access to computer accounts. Usually impersonating a trusted company, they leverage urgency to get victims to act quickly without thinking the situation through.

Smishing

Smishing is a variant of the same social engineering attack method, using SMS text messages to download a Trojan horse or virus onto a personal device. The testing procedure will highlight where potential intrusions have taken place and the extent of the attack within a network. Mitigation includes the removal of suspect viruses.

Open Source Intelligence (OSINT) Report

OSINT is a term used to refer to the data that can be collected from publicly available sources, to be used within an intelligence context. The use of ‘open’ goes back to the term as it is used within the intelligence community, meaning publicly available and not obtained through espionage. Although content found on Facebook, social media, telephones or emails is open in this sense, there are elements which should not be open to hackers. These include passwords or login details which may not be readily visible but are embedded within the files somewhere.

A detailed report identifies vulnerabilities and provides a managed process for the reduction of these threats to an acceptable level.

Wireless testing

A systematic test of smartphones, feature phones, wireless routers, hotspots, tablets, laptops, network-enabled devices and Internet of Things (IoT) devices. This is an automated testing process and correct scoping is, as always, the key to successful identification and removal of risk.

Physical intrusion

Small intrusion devices can be used to bypass Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS). Usually requiring access to the premises, these can take the form of USB sticks or specialist equipment like a Raspberry Pi (a tiny computer to which all sorts of different sensors and equipment can be hooked up). These are then configured to provide an external hacker with remote access to network systems. As many hacks these days are conducted by employees, testing for evidence of rogue intrusion is an important aspect of information security.

OSCP qualified testing

Considered to be the top level qualification for information security testers, the Offensive Security Certified Professional (OSCP) course requires extensive practical hacking expertise.

Dropbox placement

Dropbox is diligent about keeping previous versions of files on record. By default, it goes back about a month, keeping hundreds of versions of regularly used files. A ransomware infection can therefore leave an organisation with sensitive data exposed. An automated test can gauge the risk as well as any potential infection, thus enabling an organisation to take steps to protect files and move some Dropbox content to a safe location if required.

Network security testing

All organisations, from huge multi-nationals to charities and SMEs, rely on networks – wired, wireless and cloud based for their business connectivity. Regular and robust testing will identify any risks to the backbone of your operation. SRM’s network testing methodology includes:

  • Routers, switches, firewalls (both physical and software based) and Wi-Fi access points internal and external to the organisation
  • Remote access solutions and Virtual Private Networks (VPN)
  • Company telephone solutions, including Voice Over IP (VoIP) and any mobile solutions in scope
  • Review of Operating Systems, patching policies and change governance process
  • Cloud deployed services including client access as appropriate

OSCP