PENETRATION TESTING
CSG works with organizations to prevent, detect and respond to cyber threats in the face of challenging conditions
What Is Penetration Testing?
A penetration test, or “pen test” for short, is a security assessment that simulates an attack by a malicious party on a network or application in order to identify security flaws. This test is coordinated ahead of time and executed with an attempt to avoid damaging any system. At the end of the test, your pen testing firm will provide you with a report that includes found issues and weaknesses along with suggestions for how to remediate them.
Pen testing should be conducted regularly, to detect recently discovered, previously unknown vulnerabilities. The minimum frequency depends on the type of testing being conducted and the target of the test. Testing should be performed at least annually, and maybe monthly for internal vulnerability scanning of workstations; standards such as the PCI DSS recommend intervals for various scan types.
Types Of Pen Tests CSG Can Complete
Network Infrastructure Testing
CSG rigorously investigates your network to identify and exploit a wide range of security vulnerabilities. This enables us to establish if assets such as data can be compromised, classify the risks posed to your overall cyber security, prioritise vulnerabilities to be addressed, and recommend actions to mitigate risks identified.
Wireless Testing
Wireless pen testing is critical to perform, yet many organizations skip this area on the assumption that it is secure because they are using WPA2. However, misconfigurations and weak passwords are far more prevalent than expected due to the large number of access points that are needed to power a sizable network.
Web Application Testing
Conducting business online has become an essential requirement for almost every organisation. However, those web applications are exposed to near-constant bombardment from entities looking to exploit vulnerabilities for malicious purposes. CSG's web app penetration testing fully identifies and evaluates web application vulnerabilities.
API Testing
APIs come in many flavors but are often plagued by similar vulnerabilities. Using blended attack techniques, CSG scrutinises each API call for anomalies, both through direct interaction and by manually manipulating application data in flight with advanced testing tools.
Configuration Review Testing
A build and configuration review pen test systematically assesses devices, operating systems and databases across your networks.
Internet of Things (IoT) Security Testing
The number of connected devices has rocketed in the past few years and the Internet of Things (IoT) has become a significant target for threat actors as many manufacturers do not understand the importance of cyber security.
Social Engineering Testing
It is a generally accepted truth that users are the weak link when it comes to cybersecurity. Very few technical controls can compensate for the intricacies of human behaviour, such as a person’s natural tendency to trust another person. CSG's social engineering pen test service includes a range of techniques to assess the ability of your systems and personnel to detect and respond to a simulated attack exercise.
Mobile Security Testing
There is a vast range of enterprise-level mobile applications available for both Android and iOS. As the growth of mobile applications increases, companies are adapting to new ways of working smarter by enabling customers and staff to conveniently access their services via tablets and smartphones. CSG carries out in-depth mobile application assessments based on the latest development frameworks and security testing tools.
Why Your Organisation Needs A Pen Test
With threats constantly evolving, it’s recommended that every organisation commissions penetration testing at least once a year, but more frequently when:
Making significant changes to infrastructure
Our Approach To Pen Testing
Retest any issues that were identified during the initial penetration test and have been fixed
What's the difference between a pen test and a vulnerability assessment scan?
The main difference between a pen test and a vulnerability assessment scan is that VA scans are meant to regularly and quickly give you high-level insights into your network, while pentests go to a deeper level of security testing and are typically performed less often. A vulnerability scan typically only identifies vulnerabilities at a high level. This scan is not intended to exploit vulnerabilities, and produces an indication report.
What are the goals of a penetration test?
Goals of a penetration test vary greatly based on the scope of review. Generally speaking, the goal of a penetration test is to validate the effectiveness of security controls designed to protect the system or assets being protected.
A Penetration Test should always document the goals of the project. Penetration Test reports and deliverables outline the expectations, scope, requirements, resources, and results.
Who performs a pen test?
Pen testing is conducted by CSG’s experienced ethical hackers who possess in-depth experience across multiple technologies including client platforms, server infrastructures, web application development, and IP networking.
How long does a pentest take?
The time it takes an ethical hacker to complete a pentest is dependent upon the scope of the test. Factors can include network size, whether the test is internal or external facing, whether it involves any physical penetration testing and whether network information and user credentials are shared with CSG prior to the pentesting engagement.
Why does CSG ask for information about my network and systems before scoping my pentest?
Each company has a different network landscape and different goals for their pentest. CSG works with your team directly to be sure that your quote covers what you need while working within your budget.
Why does CSG ask for information about my network and systems before scoping my pentest?
Penetration testing utilises the tools, techniques and procedures used by genuine criminal hackers, such as phishing, SQL injection, brute force and deployment of custom malware.
Should I use the same penetration testing supplier?
CSG pentesters have strong backgrounds and certifications, and they are always working together to learn and share current knowledge about new vulnerabilities and exploits. Not all of our competitors can say the same. We recommend that companies find a trusted pentesting company, such as CSG, and trust them to perform strong tests year after year.