PENETRATION TESTING

The intention of penetration testing (also called pen testing) is to find any security issues in a computer system, network or web application that an attacker could use. Our experienced professional penetration testers, also known as ethical hackers, simulate an attack using the same techniques as hackers would to find and exploit any weaknesses. This way you can fix any of the security issues before they can be exploited by someone with malicious intentions.

Here is what you get

  • Scoping the pen test

    Talk to our experienced security team about your concerns. We’ll review your application and infrastructure with you, and create requirements for the best security test possible. For each test we assign a team with skills best suited to your application stack.

  • Actionable reports

    All findings are assessed and validated to ensure the report contains only issues with potential for real impact. Results will contain a detailed description of how your team can reproduce and confirm the findings (crucial in order to fix them!). We’ll propose steps your team can take to address reported vulnerabilities.

  • Supporting you all the way

    Your team can collaborate directly with our security engineers on fixing the vulnerabilities.

  • There when you need us

    We can deliver penetration tests as frequently as you like. We will support you in building a pen test program that fits your needs.

Goals of a penetration test

  1. Determine feasibility of a particular set of attack vectors.
  2. Identify any vulnerabilities that are present, including high-risk ones that result from a combination of lower-risk vulnerabilities exploited in sequence.
  3. Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software.
  4. Assess the potential business and operational impacts of successful attacks.
  5. Test the ability of network defenders to detect and respond to attacks.
  6. Justify increased investment in security personnel and technology.

Our services

Secure

We use “throwaway” virtual machines for each test, which are destroyed after the test, making sure none of the findings or data we might have accessed during testing has any chance of leaking.

Collaborative

Get descriptions, screenshots and suggested fixes. Need more? Ask security engineers directly.

Our talent

Certified Researchers

We always include at least one certified security professional with a recognized certification on Pen Test engagements.

On Top Of The Game

Our security engineers keep their skills fresh and sharp, as a portion of their time is reserved for research and taking part in security challenges and training.

Our process

We use a mixture of automated and manual tests that a real attacker would use. Driven by experience, curiosity and inquisitiveness, our pen testers leave no stone unturned.

OUR PENETRATION TEST SERVICES

  • Infrastructure testing

    We believe that a secure infrastructure is the foundation for a cyber resilient organization. Our penetration testing specialists conduct both internal and external infrastructure testing of servers, workstations, domains, virtual environments, network devices as well as network segregation controls.

  • Application testing

    Many organizations rely heavily on applications to run their business. These are often the digital shopfront for an organization that can be accessed from anywhere in the world. Commonly this includes presenting information, providing functionality to staff or customers, or providing a backbone for all of the organization’s data processing needs.

  • Build review

    In addition to infrastructure and applications, the security of the underlying servers is key to preventing a compromise. However, should a compromise occur, hardening is important to ensure any breach is sufficiently contained and that an attacker cannot easily move any further around the system or infrastructure.

  • Mobile application & device

    Increasingly, organizations are developing and using mobile applications to interact with clients and staff alike. It is important that these applications offer the same levels of security as traditional web applications, and as such, we offer an extensive mobile application penetration testing service for all of the common platforms, including Android, Apple, and Windows Phone applications.

  • Network device reviews

    Network devices within an organization provide the backbone for communication within the infrastructure. If one is compromised, this could have a devastating effect on the overall security of the organization. Our network device review service aims to provide assurances over such devices by assessing the running configuration, firmware version and firewall rulesets of devices from a large number of major manufacturers including Cisco, HP, Juniper, Palo Alto, Brocade, SonicWall and Mikrotik.

  • Wireless penetration testing

    Wireless access points can offer attackers a means to attack an infrastructure from a safe distance, often going undetected. Our wireless network testing and configuration review service aims to ensure that those wireless networks are securely implemented and offer a high level of security. The service includes wireless access point reviews, WLAN controller and client device reviews, site surveys and rogue access point sweeps.

  • SCADA and ICS testing

    Supervisory Control and Data Acquisition (SCADA) systems, also known as Industrial Control Systems (ICS), are commonly deployed within a range of industries including power production, manufacturing, water treatment and oil and gas. Our expert SCADA penetration testing team offers a comprehensive review of your SCADA/ICS system. This assessment can take on many forms, including reviews of relevant policies and procedures, architecture review, physical security assessment, infrastructure penetration testing, segregation testing and build review exercises.

  • Secure code review

    To ensure a ‘defence in depth’ approach to security for applications, we carry out source code reviews. A source code review service is a systematic examination of an application’s source code from both manual and automated perspectives. This ‘white box’ approach is intended to find and fix mistakes overlooked in the initial development phase, which may not always be possible to find with ‘grey box’ or ‘black box’ testing methodologies, improving both the overall quality of software and the developer's skills.

  • Virtualization testing

    Increasingly, organizations are moving their infrastructures to virtualized environments, either on-premises or hosted in the cloud. Often, those environments offer an unrestricted means of traversal into corporate environments. Therefore the security posture of virtualized environments can't be overlooked. We carry out a combination of build review and infrastructure testing of virtual environments or private clouds, on both commercial and restricted networks. Our experience includes key products such as VMware and Hyper-V, as well as cloud service providers like Amazon and Google.

  • Stolen laptop reviews

    With many laptops or mobile devices being lost or stolen, we review devices to identify what information can be obtained if one falls into the wrong hands. This includes assessing whether the laptop can be compromised via boot methods or encryption bypassing, and identifying any information that can be used to further attack the company.

  • Gold image build reviews

    We can perform a detailed malware and forensic review of any master gold images that are used to deploy servers within the environment. This will ensure that the master image has not been infected or tampered with before it's pushed out and used.

  • Database reviews

    We can perform a detailed review of database servers, focusing on permissions, versions and configurations, on all major database systems such as Microsoft SQL, MySQL, PostgreSQL, Oracle and MongoDB as well as others.
