Penetration Testing

Our Penetration Test is conducted remotely on external networks and applications to identify vulnerabilities that can be abused by attackers.

We perform active analysis of your systems to highlight known and unknown vulnerabilities. Our wide ranging test covers common vulnerabilities such as cross site scripting (XSS), SQL Injection, directory traversal, software configuration, social engineering and DDOS. As well as automated tests, our engineers also test your network manually; attempting to bypass your current security features simulating a real attack on all your Internet facing systems.

We suggest that you run penetration tests at regular intervals, so that one of our engineers can periodically check your network and applications for vulnerabilities. We use open source tools, enterprise grade software, in-house scripts, manual testing and verification techniques. We test all available devices included in the scope of the test. The test can also include stress testing during business hours which simulates a live attack, so you’re aware of all the potential risks

Penetration Testing is typically performed according to the following steps:

1.Following the Nebulas Solutions Group Assessment Framework (Aligned with OSSTMM, OWASP, CVE database, CWE/SANS 25, PTES, PCI compliance methodology)
2.Scoping the activity by conducting a Penetration Testing survey
3.Open-source research in the public domain and social networks
4.Network reconnaissance
5.Identifying the common threats and performing a manual test
6.A comprehensive report suitable to executives, information managers and developers
 

Our Assessment Framework ensures testing covers all avenues of possible attack. The accurate scan results ensure that you can calculate and then evaluate the true risk to your environment and then you can understand your remediation options more clearly which allows you to focus on security, development and risk mitigation.