Vulnerability assessment tools are utilised to scan a client’s digital collateral. The results of the scan are then scrutinized, and a report is submitted with recommendations to mitigate the potential risk or patch the systems that require it. Vulnerability assessments do not include exploitation attempts; findings are rated by their likelihood of accuracy, without verification. This is often recommended to clients as the starting point in analysing the information security landscape. Vulnerability assessments are also often utilised to fulfil compliance requirements.
WEB APPLICATION PENETRATION TESTING
A web application penetration test is most commonly the testing of a website, though it can also cover custom applications. Here, we attempt to identify any vulnerabilities in the application that a hacker may pick up on, in order to improve overall security. We focus on utilizing the Open Web Application Security Project (OWASP) framework and methodology to test web applications. Common attacks include SQL injection (SQLi), Cross-Site Scripting (XSS), XML External Entities (XXE) as well as security misconfigurations and much, much more.
A common method of gaining access to your online assets is through the use of social engineering. This may be in the form of phishing, vishing, and other techniques that a hacker may identify. We test your policies and processes by emulating a would-be hacker and utilising various real-world methods to gain access to your digital assets. We may call the help desk pretending to be an end-user and ask for a password reset. We may also perform a phishing campaign against the entire organization to see how many people click on a particular link and how many people submit sensitive information to us. This method is often considered the easiest way to hack your organization, as staff members are targeted instead of machines with robust and maintained security measures.
EXTERNAL NETWORK PENETRATION TESTING
An external penetration test is when we attempt to break into a network from the outside. This testing emulates an attack that can happen at any time and from anywhere. In addition to vulnerability scanning of the external-facing network, we will also attempt to verify and exploit potential vulnerabilities found. We will also leverage items found during intelligence gathering, such as account credentials that have shown up in past security breaches, to attempt to gain access to networks through credential stuffing and password spraying attacks.
SECURITY AWARENESS TRAINING
More than ever, employees are the weak link in an organization’s network security. They are frequently exposed to sophisticated phishing and ransomware attacks. Employees need to be trained and remain on their toes with security top of mind.
We offer the world’s most popular integrated platform for security awareness training combined with simulated phishing attacks, created by KnowBe4. Find out how we can help you manage the continuing problem of social engineering and create a human firewall.