Understand if your network is fully protected and uncover hidden vulnerabilities in your network with a Security penetration test.
What is Penetration Testing
- Penetration testing is a systematic method of regularly evaluating the security of the computer system or networks by simulating an attack or intrusion from a malicious source to ultimately take recommended corrective action and evaluate the effectiveness of existing security measures.
What does Penetration Testing involve?
The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. The intent of a penetration test is to determine the feasibility of an attack and the amount of business impact of a successful attack. We’ll present any security issues that are found, together with an assessment of their impact, and a proposal for mitigation.
PKML Professional Services can also deliver its penetration testing against your infrastructure targets as well as web applications, wireless networks and operations:
Web application security review
- We can perform web application penetration testing against nominated targets by searching for vulnerabilities and weaknesses using automated and manual techniques. All testing activities can be performed from the perspective of either an authenticated or unauthenticated attacker or both and delivered either remotely or on-site at any time that suits your business requirements.
Wireless security testing
- Our consultants can perform an onsite security assessment of your wireless infrastructure. This can be done passively by reviewing the system configuration or ‘actively’ by attempting to compromise the wireless infrastructure using specialized hardware and software.
- Trained consultants can attempt to infiltrate your organisation and determine what kind of access as a highly motivated attacker could achieve. Using methods such as phone calls, spear phishing emails and dumpster diving, our consultants attempt to find out as much information as possible about your organisation. In addition, infiltration and tailgating activities, identification forging, eavesdropping on communications and other advanced attack techniques can be carried out against an organisation in the hopes of comprising its security.
Denial of Service (DoS) assessment
- We can test the strength of your infrastructure by intelligently exploiting any weakness in services or web applications to cause your environment to fail against application-layer Denial of Service attacks. Such techniques include exploiting known denial of service conditions, form submissions and HTTP/S conditions. DoS assessments do not include volumetric testing as this could have an impact on networks outside the scope of work.