Penetration Testing

Advanced testing by CREST, CESG CHECK and PCI experts.

What is Penetration Testing?

Penetration testing, also referred to as pen testing, is a simulated real-world attack on a network or application that identifies vulnerabilities and weaknesses.

Penetration tests (pen tests) are part of an industry recognised approach to identifying and quantifying risk. They actively attempt to ‘exploit’ vulnerabilities and exposures in a company’s infrastructure, applications, people and processes. Through exploitation, Nettitude is able to provide context around the vulnerability, impact, threat and the likelihood of a breach in an information asset.

It is frequently possible for a pen tester to gain remote access to operating systems, application logic and database records. Through active exploitation of direct and interconnected systems, Nettitude can provide strategic guidance on risk and tailored advice on countermeasures.

Why Nettitude?

As an independent world-wide provider of penetration testing services, Nettitude carries out cyber security testing, security auditing and PCI services in some of the most high-profile organisations across the world. Our depth and breadth of experience enable us to deliver focused engagements that address the vulnerabilities in infrastructure, applications, mobile devices and wireless. Our approach blends technical and social assessment to give organisations a true understanding of their cyber risk.

Nettitude is one of the leading penetration testing companies in the UK. We specialise in all types of penetration testing, anytime, anywhere and for any organisation. Read about our skills and experience below. Arrange a free no-obligation consultation today by contacting one of our offices.

What accreditations should I look for in a penetration testing provider?

As a leading penetration testing company, Nettitude holds the most coveted accreditations across the world.

Nettitude is a full CREST member company. The Nettitude security testing team includes CREST certified Infrastructure Testers (CCT Inf), CREST certified Web Application Testers (CCT App) and CREST Registered Testers. Nettitude is a proud member of the UK Government’s CESG CHECK scheme. Our team of testers includes CHECK Team Leaders within infrastructure and web application, as well as CHECK Team Members. We are also an accredited supplier of CBEST and an approved provider of STAR testing services.

Nettitude is an ISO27001 certified organisation and conducts all external testing engagements from within a rigorously controlled environment. Nettitude’s security consultants hold CISSP qualifications, and many also hold CISA and CISM accreditations. All of our pen testers have been fully background checked and carry UK CESG Government. In addition, our team is comprised of industry-recognised consultants and published authors that have been recognised by the media and cyber security community.

Learn more about Nettitude’s penetration testing skills and experience:

Industry leading CREST and CESG CHECK testers

Management and technical reports

Proven testing methodology

Internal penetration testing

External penetration testing

Vulnerability assessment services

Web application testing / website penetration testing

Full security audit services

PCI compliance services

What are the different types of Penetration Testing?

There are both internal and external penetration tests, dependent on whether the tester is accessing the physical environment or the internet-facing environment.

Penetration tests can traditionally be run internally within an organisation or externally from the internet. The appropriate vantage point for the testing should be determined by the organisation’s focus on risk. In addition, the two places for testing are not mutually exclusive. Organisations with a strong focus on risk management will most frequently conduct testing from both an internal and external perspective.

Internal Penetration Testing

This type of testing assesses security through the eyes of an internal user, a temporary worker, or an individual that has physical access to the organisation’s buildings.

Internal penetration tests are conducted from within an organisation, over its Local Area Network (LAN) or through Wi-Fi networks. The tests will observe whether it is possible to gain access to privileged company information from systems that are inside the corporate firewalls.

Testers will assess the environment without credentials, and determine whether a user with physical access to the environment could extract credentials and then escalate privileges to that of an administrator or super user within the environment.

During an internal penetration test, the tester will attempt to gain access to sensitive data including PII, PCI card data, R&D material and financial information. They will also assess whether it is possible to extract data from the corporate environment and bypass any DLP or logging devices so as to assess any countermeasures or controls that have been put in place.

External Pen Testing

This type of testing assesses an organisation’s infrastructure from outside of the perimeter firewall on the Internet. It assesses the environment from the vantage point of an internet hacker, a competitor or a supplier with limited information about the internet-facing environment.

External pen testing will assess the security controls configured on the access routers, firewalls, Intrusion Detection Systems (IDS) and Web Application Firewalls (WAFs) that protect the perimeter.

External tests will also provide the ability to assess security controls for applications that are published through the internet. Nettitude recognises that there is increasing logic being built into web services to deliver extranet, e-commerce and supply chain management functions to Internet users. As a consequence, Nettitude pays particular attention to these resources, and performs granular assessments on their build and configuration, as well as interaction with other data sources that sit in your protected network segments.

What are the different penetration testing strategies?

Let Nettitude guide you through the differences between black, white and grey box penetration testing services.