Penetration Testing

Every year Sec-Tec performs over 100 penetration tests for organisations of all types and locations. Whether you are an experienced buyer or new to the field, we will explain the pros, cons, options and limitations of this field, and work with you to scope the best solution for your needs.

Sec-Tec recognises that not everyone is technical, and we succeed in delivering accurate, objective reports that are accurately summarised for all relevant readers. We won't exaggerate the risk associated with findings, and we will work with you to correct any issues identified. Want us to confirm that an issue has been corrected? Not a problem.

Sec-Tec's penetration testing services consist of a number of modules that can be combined as required to provide the assurance you need:

PSN Health Checks

Public Sector organisations that connect to the Public Sector Network (PSN) require regular ongoing assessments of the technical measures in place within both the internal and the external, Internet-facing aspects of the corporate network. PSN Health Check requirements are documented here: PSN Requirements

Sec-Tec offer simple, fixed price PSN Health Checks that allow organisations to quickly and easily procure PSN Health Checks in minimal time, with minimal red tape. Working with the client, we will agree the ideal scope, taking into consideration the latest ITHC Health Check requirements. We will then issue detailed but digestible reports to the organisation covering both the internal and external aspects of the corporate network. Where applicable, connections to third-party organisations and service providers will also be assessed. At all times, straightforward corrective recommendations will be made in order to ensure the client can work towards maintaining PSN compliance.

Infrastructure Security Assessments

Web Application Security Assessments

Web applications present a considerable risk to organisations, in that they are often, by design, accessible to untrusted entities and often connect to core business systems. Web developers face a myriad of potential mistakes and assumptions that can be exploited by a malicious attacker. Web application security assessment tests remain a major factor in most penetration testing projects delivered by Sec-Tec.

Desktop Security Assessments

Desktop computers are often overlooked within penetration testing projects, but are vital to the organisation's security. It may surprise you to know that popular desktop applications such as Adobe Acrobat and Java Runtime Environments are now amongst the most commonly attacked applications in the world:

Java Attacks
7 Most Attacked Applications

As core operating systems have matured to automatically install patches and updates, attackers have increasingly moved to targeting third-party applications that are less frequently updated. Recognising this trend, Sec-Tec has invested heavily in testing technology for desktop applications, and can demonstrate the total compromise of systems simply by the victim opening a PDF file with a vulnerable viewer.

If you haven't undergone a comprehensive desktop assessment, talk to us about our desktop application testing services.

Wi-Fi Security Assessments

Many clients contact Sec-Tec with a "Can you get in?" mentality to Wi-Fi security testing. In reality, there are often a number of potential security issues from unencrypted guest access to the ability to intercept traffic between trusted hosts. Sec-Tec can provide a thorough Wi-Fi assessment, and indicate potentially unconsidered threats that may exist.

For example, Sec-Tec recently demonstrated to a client that it was possible to compromise a legitimate device on an unencrypted guest Wi-Fi network and use the legitimate VPN client installed on the target system to gain access to the corporate LAN.

VoIP Security Assessments

Often relying heavily on VLAN technology for security, many VoIP systems utilise no encryption, meaning that phone calls can often be intercepted from elsewhere within the network. VoIP systems are often also vulnerable to flooding and other forms of Denial of Service attack. Sec-Tec has the technology to demonstrate these attacks in real-time, providing a real-world indication of risk, and helping organisations reap the benefits without the risks.

Social Engineering

Never underestimate the power of a convincing liar. Sec-Tec offer simple, straightforward fixed price Social Engineering assessments that allow you to assess both your staff's awareness of phishing attacks, and your organisation's technical responses. Sec-Tec can often attain over a 40% response rate from staff, and have bypassed some of the world's most widely deployed anti-spam and data leak prevention technologies.

How we test

No two projects are exactly the same; we understand that. The following, however, represents a high-level overview of the testing process:

Initial scoping and agreement

Before any test can begin, the exact scope of testing is agreed and documented. This includes what systems/environments will be assessed, for what categories of attack, and considers other important factors such as overall project goals. All stakeholders, including relevant third parties, must grant express permission to test at this stage. Testing timeframes will also be agreed, as will escalation and notification procedures in the event of critical vulnerabilities being discovered.

Information gathering & Mapping

From social media to Windows domain controllers, the amount of information available to a potential attacker can be astounding, and in many instances is sufficient on its own to compromise a network. Sec-Tec will utilise both passive and active information gathering to obtain an in-depth picture of the target environment, and potential avenues of attack. If social engineering is a component of the penetration test, we will utilise sources such as LinkedIn to obtain staff information that may be useful during an impersonation attack.

Initial vulnerability assessment

Using a best-of-breed combination of security assessment tools, and building in redundancy with multiple tools wherever feasible, the target environment will be tested for a wide range of vulnerabilities at both the infrastructure and application level. Sec-Tec has invested heavily in commercial penetration testing tools, which are used alongside the more common open source tools which are freely available.

Initial confirmation

All findings will be manually reviewed and confirmed, with costly false positives removed. Additionally, risk ratings may be revised, based on a number of metrics. Lastly, the risks of chaining vulnerabilities will be considered: often, two or more low-level vulnerabilities exploited together present a higher overall risk than when considered individually.

Manual testing

Getting the right combination of automated and manual penetration testing is a major consideration during every test. Automation has the advantage of coverage, but the lack of any real intelligence means key vulnerability categories such as business logic flaws cannot be reliably identified. These must be tested for manually. In addition, common reverse Turing mechanisms such as CAPTCHAs and two-factor authentication can prevent automated scanners from achieving adequate coverage. Such areas will be tested manually, or bespoke authenticators will be built within our testing tools to successfully access protected areas of applications.

Exploitation

Depending on project scope, vulnerability exploitation can provide an important demonstration of the real-world impact of identified vulnerabilities. It can transform “You have an SQL injection vulnerability” into “You have an SQL injection vulnerability, and here’s your entire client database, and all of their passwords”. It can turn “Your domain controller is missing a patch” into “Your domain controller is missing a patch, and here’s your domain administrator password, together with your CEO’s”. Not all vulnerabilities are exploitable within the scope of a penetration test, and not all clients wish to undertake exploitation. Sec-Tec will discuss this in detail during the initial scoping stage, to ensure an informed decision has been made.

Quality review

As part of our ISO9001 certified quality management system, your testing team will perform a late-stage quality review to ensure all reasonable avenues of attack have been covered, and that information obtained during the later stages of testing has been appropriately acted upon.

The Report

Reporting will take the form of a hand-drafted report, aimed at both technical and executive readers. Industry standard CVSS (Common Vulnerability Scoring System) rating systems will be used to ensure objective reporting and prioritisation, and clear corrective guidance will be provided for all identified issues. Identifying issues is only half the story. The real value comes from correcting them. We will include guidance on the best course of corrective action, complete with links to further information and patches where applicable.

Follow-up

Sec-Tec perform a free-of-charge confirmation of corrective action assessment, to help you make sure that your applied fixes are working as anticipated.

Our Promise to you

1. We will work with you to ensure the ideal project scope is undertaken.
2. Our testing will utilise the best technologies and methodologies available.
3. Our reports will be clear, objective, and provide a realistic assessment of the risks presented by the findings using internationally recognised scoring mechanisms.
4. Our Executive Summaries will provide a clear indication and position statement to non-technical readers.
5. We will detail the necessary corrective actions, consider the options, and help you to make sure they are correctly implemented.
