Penetration Testing Service
Penetration Testing Services
A Security Penetration Test is a controlled and managed simulation of an actual system intrusion. It gives you a realistic experience of an attempted break-in – whether from an outside intruder or from your employee or business partner.
Acora provide a flexible portfolio of Security Testing Services, resulting in reports and recommendations that executive management, as well as technicians, can all gain the information they need.
Our reports summarise the potential impacts and business consequences of exploitation of any discovered vulnerabilities, whilst cost-effective strategies to mitigate risk are presented. For the more technical audience, carefully crafted examples are used to illustrate how vulnerabilities can be exploited, or reproduced in a test-bed and are provided with detailed remediation instructions.
Our tests also include re-tests on found vulnerabilities to ensure that the client’s internal team or primary outsource partner has completed remediation.
Data Provided vs Scope of Testing
Penetration tests can be conducted in several ways. The most common difference is the amount of knowledge that is available to the testers from the implementation details of the system being tested.
1. Black box penetration testing assumes no prior knowledge of the infrastructure to be tested. The testers must first determine the location and extent of the systems before commencing their analysis.
2. At the other end of the spectrum, White box penetration testing provides the testers with complete knowledge of the infrastructure to be tested, often including network diagrams, source code, and IP addressing information.
3. Black box testing simulates an attack from someone unfamiliar with the system. White box testing simulates what might happen during an “inside job” or after a “leak” of sensitive information, where the attacker has access to source code, network layouts, and possibly even some passwords.
4. Grey box testing is a combination of white box testing and black box testing. This test aims to discover defects resulting from improper structure or improper use of applications.
PENETRATION TESTING ADVANTAGES
Plug the gaps – Spotlight any existing weaknesses in your system configurations and network infrastructure, as well as any bad practices by your staff that could lead to data breaches, malicious infiltration, or worse.
Ensure continuity – Any disruption to business continuity will have a negative impact on your operations. Penetration testing can throw up potential threats to all these areas, and help ensure that your business doesn’t suffer from unanticipated downtime or inaccessibility issues.
Meet and maintain compliance – Regulatory and legal requirements dictate that a certain level of Penetration Testing is compulsory. For example, the ISO 27001 standard requires all managers and system owners to conduct regular tests and security reviews.
Maintain trust – Falling victim to a cyber assault or data breach is a sure-fire way to lose the confidence and loyalty of your customers. But being known as an organisation that regularly conducts security reviews and penetration testing can effectively reassure all stakeholders.
Enhance quality assurance – If your organisation deals in software or consumer goods, a secure production environment subjected to regular Penetration Testing will enhance your standing in the market, and assure your buyers of a consistent and high standard.
Improve overall defences – Penetration testing is a powerful weapon in your security arsenal. But it shouldn’t be relied on in isolation. Instead, Penetration Testing should be employed as part of a suite of measures including updates and security patches.
PENETRATION TESTING GOALS
- Find and Plug Gaps in Security.
- Achieve and maintain compliance.
- Improve Your Security Strategy.
- Audit the effectiveness of controls to meet compliance.
- Ethical Hacking is designed to measure how well an organisations defence and response capabilities will stand up against attacks from a simulated real-life adversary.