What is our Ethical Hacking Service?
Simply put, we act as a Cyber Criminal would if they were trying to compromise your organisation. We use the same tools and techniques with the aim of discovering weaknesses in your systems, people and processes before the hackers do and reporting them to you with remediation advice to mitigate the risk. With Cyber Attacks on the increase protecting your customers data, your company reputation and complying with the law and new legislation is even more important. Our service is there to help you protect yourself from these attacks.
How does it work and what do we test?
We can test your entire system giving you the confidence that your applications and infrastructure are secure, we’ve given a brief summary of some of the steps we take but it is very brief so contact us to find out more about what we offer and how it can help you.
Application Vulnerability Assessments – Client and Web
We assess your application to verify it’s security posture, applying this to both web based applications and client based applications. We will look for potential weaknesses such as injection attacks, buffer overflows and logic flaws and provide you with steps to mitigate the risk.
Static Source Code Review.
Our aim is to identifying security issues in the application source code. We’ll check for common coding errors that introduce vulnerabilities such as unsafe functions, logic flaws, incorrect or absent error handling. We’ll catch the issues before you release the code.
Network Vulnerability Assessment.
We will check your network assets to determine the Operating system, ports, services and protocols used on your systems and networks. When that’s done we’ll delve deeper into the configuration, looking for information disclosure issues and determine what information about your company is publicly available on search engines etc. We aim to give you a full picture of all the information, sensitive or otherwise and help you to mange your company’s digital footprint.
If requested we can turn our attention to your people and processes using techniques like phishing attacks, USB dropping and piggybacking to gain site access. These types of attack are extremely common and we can help you to target specific areas to increase staff awareness about how to spot these issues and keep your systems and people safe.
After pulling together information from a number of sources including all those above we will formulate an attack against services you select. The intention is to gain access, escalate privileges and exfiltrate data. When we’ve finished we will show exactly how we gained access so that you can plug the gaps and we’ll retest to give you confirmation that those attack vectors have been removed.
You can add this service to your Bespoke Security Package.