Penetration Testing Service
Penetration testing is Sec-Tec's core business, and we perform over 100 bespoke penetration testing projects every year for organisations of all sizes. Whether you are an experienced buyer or new to the field, we will explain the pros, cons, options and limitations of this field, and work with you to scope the best solution to your needs.
As you would expect, Sec-Tec holds a number of industry-leading qualifications in this area, including the prestigious CHECK Green Light certification, which allows us to deliver penetration testing services in Protectively Marked environments such as central and local Government (GCSx compliance checks).
Sec-Tec recognises that not everyone is technical, and succeeds in delivering accurate, objective reports that are accurately summarised for all relevant readers. We won't exaggerate the risk associated with findings, and we will work with you to correct any issues identified. Want us to confirm that an issue has been corrected? Not a problem.
Sec-Tec's penetration testing services consist of a number of modules that can be combined as required to provide the assurance you need:
Infrastructure Penetration Testing
This is "classic" penetration testing or "network penetration testing". Your servers, routers and switches that form your basic network infrastructure are tested for a wide range of vulnerabilities including missing security patches, misconfigurations and oversights that could negatively impact the security of your network. This normally forms the basis for additional penetration testing modules specified below.
Web Application Penetration Testing
Web applications present a considerable risk to organisations, in that they are often, by design, accessible to untrusted entities and often connect to core business systems. Web developers face a myriad of potential mistakes and assumptions that can be exploited by a malicious attacker. Web application security assessment tests remain a major factor in most penetration testing projects delivered by Sec-Tec.
Computer Penetration Testing
Desktop computers are often overlooked within penetration testing projects, but are vital to the organisation's security. It may surprise you to know that popular desktop applications such as Adobe Acrobat and Java Runtime Environments are now amongst the most commonly attacked applications in the world.
As core operating systems have matured to automatically install patches and updates, attackers have increasingly moved to targeting third-party applications that are less frequently updated. Recognising this trend, Sec-Tec has invested heavily in testing technology for desktop applications, and can demonstrate the total compromise of systems simply by the victim opening a PDF file with a vulnerable viewer.
If you haven't undergone a comprehensive desktop assessment, talk to us about our desktop application testing services.
Wi-Fi Penetration Testing
Many clients contact Sec-Tec with a "Can you get in?" mentality to Wi-Fi security testing. In reality, there are often a number of potential security issues, ranging from unencrypted guest access to the ability to intercept traffic between trusted hosts. Sec-Tec can provide a thorough Wi-Fi assessment, and indicate potentially unconsidered threats that may exist.
For example, Sec-Tec recently demonstrated to a client that it was possible to compromise a legitimate device on an unencrypted guest Wi-Fi network and use the legitimate VPN client installed on the target system to gain access to the corporate LAN.
VoIP Penetration Testing
Often relying heavily on VLAN technology for security, many VoIP systems utilise no encryption, meaning that phone calls can often be intercepted from elsewhere within the network. Sec-Tec has the technology to demonstrate these attacks in real time, providing a real-world indication of risk, and helping organisations reap the benefits without the risks.
The Penetration Test Report
The penetration test report is the deliverable. We have a decade of experience in drafting reports, providing the information needed, and clarifying the complex. All reports go through rigid QA before release and provide much more useful information than typical automated scan reports, with screenshots, supporting logs, and sufficient information to reproduce the issue or satisfy an auditor. We take real pride in our reports. Why not ask for a sample?
Why not take a look at our penetration testing buyer's FAQ to answer any common questions you may have on penetration testing.
Our Promise to you
- We will work with you to ensure the ideal project scope is undertaken.
- Our testing will utilise the best technologies and methodologies available.
- Our reports will be clear, objective, and provide a realistic assessment of the risks presented by the findings using internationally recognised scoring mechanisms.
- Our Executive Summaries will provide a clear indication and position statement to non-technical readers.
- We will detail the necessary corrective actions, consider the options, and help you to make sure they are correctly implemented.