Penetration Testing

Penetration testing, also known as Pen testing, is a proven approach to identifying weakness in a business. The process allows for systematic probing of processes, procedures and infrastructures, in order to identify and exploit vulnerabilities. 

The goal of penetration testing is to determine if unauthorized access to key systems and files can be achieved. If access is achieved, the vulnerability should be corrected and a reiteration of the penetration test will be conducted until the risk is resolved. We work on a 4 point methodology for penetration testing which has become a proven success in delivering a well-balanced report with an actionable roadmap. 

  1. Client Brief & Threat Assessment
  2. Vulnerability Analysis
  3. Penetration Testing
  4. Reporting & Mitigation

More details of each step below:

Client Brief & Threat Assessment

A penetration test evaluates the security of an IT infrastructure by safely trying to exploit vulnerabilities. It is critical to ensuring success within a cyber defence strategy.

These vulnerabilities may exist in operating systems, service and application flaws, improper configurations, or risky end-user behaviour. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as end-user adherence to security policies.

Vulnerability Analysis

A Vulnerability Analysis of your business will identify, list and prioritise the weaknesses in your IT system and often web applications also.

While a Vulnerability Analysis will determine remediation work that needs to be carried out, a Penetration Test will utilise these weaknesses to attempt to access the system, often with a specific goal in mind.

Technical analysis alone is not sufficient to provide a clear view of organisational weaknesses. As such, we conduct a physical penetration test as this will reveal real-world opportunities for unwanted/illegal persons' capacity to compromise physical barriers in such a way that allows for unauthorised physical access to sensitive areas leading up to data breaches and system/network compromise.

  • Forms of Physical Security
    • Barriers (fences, car barriers)
    • Access control design
      • Piggy backing (or tailgating) (form of social engineering)
      • Bypassing access controls
    • Guard posts/patrols
    • Mechanical (gates, doors, locks, etc.)
    • Electronic (key cards-magnetic, RFID, proximity, etc.; biometrics; etc.)
  • Surveillance/Monitoring Techniques (e.g., Cameras/CCTV)
    • Intrusion Detection/Motion Sensors
  • Visual and Audio Deterrents
    • Alarms
    • Security Lighting

Penetration Testing

Our cyber security technical experts will probe your IT systems and assess the physical security of your business premises working from the outside in. The aim of this pen test is to exploit any vulnerabilities found that could allow unauthorised access to key IT systems that could lead to the loss of company information or disruption to normal business activities. Pen testing outside of the organisation is best practice for the benefit of independence.

At Resilient Defence we pride ourselves on being industry leaders in this regard and work closely with our clients to review existing communications within the organisation.  We then proceed to probe the communication culture with a view to breaching the system, carrying out a GAP analysis. 

Our Penetration Testing Methodology is as follows:

  • Consultation Phase
  • Reconnaissance & Open Source Investigation Phase
  • Vulnerability Assessment
  • Exploitation Phase
  • Post Exploitation Phase
  • Reporting
Reporting & Mitigation

With the technical and physical assessments concluded, we will provide you with a clear, digestible report, establishing current risk levels and essential remedial steps necessary to secure your business moving forward.

Resource and budgetary restrictions may limit the implementation of all recommendations right away but our team will be on hand to discuss each element, the real risk to business assets and provide cost-effective solutions to reduce if not completely mitigate the risk.

When your business is ready to take the next steps, we can help you consider the best course of action for you business. 

Building Defence In Depth

To speak to an advisor, call us or complete our contact form.