Penetration testing
Our ethical hackers will
Ethical hacking – penetration testing using hacking skills for good – checks how well you have protected your organisation against malicious attacks. Trying to hack your own system can identify weaknesses in your defences and help you improve your protections.
Sense of Security’s cyber penetration testing services are some of the best in the world, available here in Australia. With Sense of Security as your cyber security partner, you get:
- A provider certified with the Council for Registered Ethical Security Testers (CREST)
- A team of expert consultants at the top of their fields
- An experienced agency that works with some of the world’s biggest brands.
Penetration testing is a requirement for some types of organisations. Our service allows you to comply with corporate governance responsibilities, including:
- Regulations such as PCI DSS, ISM, SOX, HIPAA and the Australian Privacy Act 1988
- Industry standards such as ISO 17799 and ISO 27001.
Our methodology and approach
We have a documented, well-established penetration testing methodology based on industry best practices and our own specialist techniques. This ensures that you will receive reliable and repeatable results that minimise the risk to your systems under testing.
We start by profiling the most likely threats to your business. Then we examine your business processes, information flows and the technology that supports your operations.
Once we understand how you work, we unleash our arsenal of penetration testing tools – they are similar to those used by malicious attackers. Our toolkit includes best-of-breed commercial and open-source penetration tools and a few specialised items that we have developed in-house.
You will receive a comprehensive business risk-focused report of our testing, detailing:
- Our approach and techniques
- The vulnerabilities we identified
- A set of prioritised findings
- Clear recommendations to harden your security.
Any security issues are reported with accompanying step-by-step instructions and screenshots, so that you can replicate the attack, get a visual perspective of the problem and understand the nature, and urgency, of the potential risk.
Vulnerability assessments versus penetration testing
Vulnerability assessments use testing or scanning tools to identify security vulnerabilities in a system or environment. They are less costly than a full penetration test and typically highlight technical threats. However, they do not:
- Qualify the business threat
- Test business logic
- Assess common attack methods
- Identify unknown vulnerabilities
- Actively exploit the problems to determine the full exposure
- Validate the threat’s existence.
While a vulnerability assessment can be useful, it is not comprehensive, so reports based on it are indicative only and may be incomplete or inaccurate. It can also overlook attack scenarios which could lead to a future security breach.
Ongoing protection for your systems
Sense of Security provides penetration testing services as a one-off assessment, or on an ongoing basis.
If you opt for ongoing support, we will work with you to develop a recurring penetration testing program for different segments of your business environment.
Ongoing support will give you cost-effective, continuous protection. We will also be able to quickly identify and alert you to new areas of exposure. You will also receive information about trends, which will allow you to monitor the progress of your IT security initiatives.
Vulnerability assessment training
Sense of Security can also provide practical training courses for your internal security teams to empower them to take better control of your cyber security environment. We can provide training at your office or you can come to us.
Types of penetration testing services
Sense of Security provides a range of penetration testing services that can further test the strength of your systems.
External network penetration testing
Imitate opportunistic intruders who try to gain access to your systems from the internet.
Internal network penetration testing
Validate your deployed security controls or test your defences against security breaches from internal attacks – an inside job – where disgruntled or careless employees cause damage from within corporate networks.
Web application penetration testing
Test the security of your open source applications and find vulnerabilities in your custom web applications.
Physical penetration testing
Physical security is just as important as information security. Test your business’s defences against real-world physical attacks.
Mobile application security testing
Security testing your mobile applications – like penetration testing your websites – can expose security flaws and give you the opportunity to further protect your system.
Wireless penetration testing
Wireless or “remote access” penetration testing mimics potential intrusions from remote entry points outside your business site, such as eavesdropping on your network or networked devices, or gaining access through a VPN access point.
Citrix penetration testing
Your Citrix server is a valuable way to centrally host applications and resources, which makes unauthorised access a high-risk event. Identifying and closing security gaps will harden your XenApp and XenDesktop defences.
Social engineering testing
Increasingly, attacks have a human factor. Test your defences against techniques like tailgating, phishing and baiting.