Penetration testing is a security exercise where a cybersecurity expert attempts to find and exploit vulnerabilities in an application or network, including its supporting infrastructure. The purpose of this simulated attack is to identify any weak spots in a system’s defences which external and internal attackers could take advantage of.
Penetration tests are performed by our cybersecurity experts either under your direction, as an outsourced service, or as a project scoped to your needs. There are several types of penetration test, each targeting a different class of enterprise asset:
Web application testing runs a simulated attack to identify weak spots in a web application’s defences that attackers could take advantage of. This may include attempts to breach any of the application’s components, including application programming interfaces (APIs) and frontend/backend servers, in order to uncover vulnerabilities such as unvalidated inputs that are susceptible to code injection attacks.
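As an added illustration of the “unvalidated input” class of flaw mentioned above (example code written for this page, not code from the original or from the service provider): the first lookup splices the request parameter into SQL text, so a crafted username changes the query’s meaning; the second binds it as a parameter, and an allowlist check rejects it before it reaches the database at all. The table, rows and `username` parameter are constructed for the demo.

```python
import re
import sqlite3

# Constructed sample data for the demo: an in-memory user table.
def seed_database() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable pattern: the untrusted value is pasted straight into the SQL
    # string, so quote characters in the input become part of the query.
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' ORDER BY username"
    )
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    # Hardened pattern: the value is bound as a parameter, so the database
    # treats it purely as data, never as SQL syntax.
    query = "SELECT username, role FROM users WHERE username = ? ORDER BY username"
    return conn.execute(query, (username,)).fetchall()


# Allowlist validation (assumed username policy: 1-32 lowercase letters,
# digits or underscores). Rejecting unexpected characters up front is a
# second layer on top of parameterised queries, not a replacement for them.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def validate_username(username: str) -> bool:
    return USERNAME_RE.fullmatch(username) is not None


def lookup_validated(conn: sqlite3.Connection, username: str) -> list:
    # Fail closed on malformed input, then use the parameterised query.
    if not validate_username(username):
        return []
    return lookup_safe(conn, username)


if __name__ == "__main__":
    db = seed_database()
    benign = "alice"
    # Constructed test input containing a quote character, the kind of value
    # a reviewer or tester feeds to every parameter to expose the flaw.
    quoted = "x' OR '1'='1"
    print("unsafe, benign   :", lookup_unsafe(db, benign))
    print("unsafe, quoted   :", lookup_unsafe(db, quoted))   # returns every row
    print("safe, quoted     :", lookup_safe(db, quoted))     # returns nothing
    print("validated, quoted:", lookup_validated(db, quoted))
```

The point a tester records is the difference in the two result sets for the same input: the string-built query returns rows the caller was never meant to see, while the parameterised query returns none. Both fixes (binding and allowlisting) are cheap to apply during development, which is why the code-review recommendation later on this page matters.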
Cloud Infrastructure testing involves a simulated attack on your cloud infrastructure, where your applications and services are hosted. This sort of testing identifies vulnerabilities present in your hosting infrastructure, servers and operating systems.
Internal penetration testing simulates an attack from within your organisation’s network. The goal of this type of testing is to identify vulnerabilities that could be exploited by an attacker with access to the internal network, such as a current or former employee, or an external attacker who has managed to gain a foothold inside your network. An internal pen test shows how an attacker with internal access could compromise or damage the network, systems, or sensitive data.
External penetration testing tests your perimeter systems from the perspective of an attacker who has no prior access to the network or systems. Perimeter systems are directly reachable over the Internet and are therefore the most exposed to external attacks.
WiFi penetration testing evaluates the security of your wireless networks. It involves simulating the tactics and techniques that malicious hackers might employ to exploit vulnerabilities in your wireless infrastructure. This may include testing WiFi networks, Bluetooth devices, wireless devices such as keyboards and mice, wireless printers, and routers.
Mobile application penetration testing is a security testing method that evaluates an application’s security from within the mobile environment it runs in. By conducting a mobile penetration test, your organisation can identify the vulnerabilities and attack vectors that affect the security of the mobile application and its users. We perform iOS and Android mobile penetration testing via manual analysis, supported by automated tooling.
Secure code reviews are a manual or automated process that examines an application’s source code. The goal of this examination is to identify existing security flaws or vulnerabilities. Code review specifically looks for logic errors, checks that the implementation matches its specification, and verifies adherence to style guidelines, among other activities.
Generally, there are two main types of secure code reviews:
Secure code review can occur at any time during the software development life cycle (SDLC), but it’s most impactful when performed earlier, because that’s when it’s easiest and fastest to make fixes to the code. We recommend using automated code scanning tools as an integral part of your CI/CD pipeline.