Monday, 3 October 2011

Penetration Testing


What is Penetration Testing / Pen Testing?
To ensure security, organisations perform external and internal penetration tests to disclose security vulnerabilities within a network infrastructure from the perspective of an outsider and an insider, respectively.
Penetration testing (also called pen testing) must furnish proof of how every vulnerability can be identified and exploited, along with the risk level and potential impact of every vulnerability. All the reports should provide helpful suggestions and inexpensive solutions to eliminate every possible vulnerability or reduce the risk to a tolerable level.
The primary objective of penetration testing is to discover the vulnerabilities in your networks or applications, and to clearly express the probable security impact if they are exploited.
Summary of the Services Provided
Penetration testing should be executed at regular intervals. A professional Penetration Test Engineer will evaluate your network infrastructure and search for all possible vulnerabilities. This can be achieved by manual testing, by using semi-automated tools and script execution, and by various verification techniques. By analysing the results, potential vulnerabilities will be exposed.
Options for network penetration tests include:
  • External Penetration Test / Pen Testing – Performed remotely on external or public facing networks to discover the vulnerabilities that are noticeable to outsiders at large.
  • Internal Penetration Test / Pen Testing – Conducted on the internal network to identify vulnerabilities that are visible to insiders, contractors and partners with potential malicious intent.
Key Services
  • Protection from password/hash attacks
  • Network / application level vulnerability scanning, mapping and analysis
  • Security from exploits against accounts and groups
  • Extensive customised manual pen tests
  • Elimination of blended service vulnerability exploits
  • Clear recommendations and fixes
  • Removal of back-door deployment and access
  • Defensive measures against connectivity attacks
What do you receive?
On completion of the testing phase a report will be compiled. We aim to complete the reporting phase within 10 - 15 days of the penetration testing phase completing. The report will be submitted via Acenseo's secure portal area, which will only be accessible by nominated staff and the testing team. The test report includes the following details:
  • Executive summary
    • Vulnerability graph
  • Detailed report of analysis
    • Detected vulnerabilities
      • Detailed steps for detection
      • Solution to eliminate the vulnerabilities
      • Further training
      • Affected assets
    • Unconfirmed vulnerabilities
      • Detailed steps
      • Solution
      • Further reading
      • Affected assets
    • Observations
      • Description
      • Solution
      • Affected hosts
The executive summary will also summarise the top 5 issues found and give the site an overall security rating for easier comparison against future tests. The executive report will also attempt to highlight key causes, such as hardware/software failings or human error, for the operating system, application or general security issues discovered.
What to do next?
Contact us on 0118 979 0000, email us at info@acenseo.com or complete our Enquiry Form to discuss requirements, get an online demonstration, request a sample report or arrange a meeting.
