Every year Sec-Tec performs over 100 penetration tests for organisations of all types and locations. Whether you are an experienced buyer or new to the field, we will explain the pros, cons, options and limitations of this field, and work with you to scope the best solution to your needs.
Sec-Tec recognises that not everyone is technical, and we succeed in delivering accurate, objective reports that are accurately summarised for all relevant readers. We won't exaggerate the risk associated with findings, and we will work with you to correct any issues identified. Want us to confirm that an issue has been corrected? Not a problem.
Sec-Tec's penetration testing services consist of a number of modules that can be combined as required to provide the assurance you need:
PSN Health Checks
Sec-Tec offers simple, fixed-price PSN Health Checks that organisations can procure quickly and easily, in minimal time and with minimal red tape. Working with the client, we will agree the ideal scope, taking into consideration the latest ITHC Health Check requirements. We will then issue detailed but digestible reports to the organisation covering both the internal and external aspects of the corporate network. Where applicable, connections to third-party organisations and service providers will also be assessed. At all times, straightforward corrective recommendations will be made in order to ensure the client can work towards maintaining PSN compliance.
Infrastructure Security Assessments
Web Application Security Assessments
Desktop Security Assessments
7 Most Attacked Applications
As core operating systems have matured to automatically install patches and updates, attackers have increasingly moved to targeting third-party applications that are less frequently updated. Recognising this trend, Sec-Tec has invested heavily in testing technology for desktop applications, and can demonstrate the total compromise of systems simply by the victim opening a PDF file with a vulnerable viewer.
If you haven't undergone a comprehensive desktop assessment, talk to us about our desktop application testing services.
Wi-Fi Security Assessments
For example, Sec-Tec recently demonstrated to a client that it was possible to compromise a legitimate device on an unencrypted guest Wi-Fi network and use the legitimate VPN client installed on the target system to gain access to the corporate LAN.
VoIP Security Assessments
How we test
No two projects are exactly the same; we understand that. The following, however, represents a high-level overview of the testing process:
Initial scoping and agreement
Before any test can begin, the exact scope of testing is agreed and documented. This includes what systems/environments will be assessed, for what categories of attack, and considers other important factors such as overall project goals. All stakeholders, including relevant third parties, must grant express permission to test at this stage. Testing timeframes will also be agreed, as will escalation and notification procedures in the event of critical vulnerabilities being discovered.
Information gathering & Mapping
From social media to Windows domain controllers, the amount of information available to a potential attacker can be astounding, and in many instances is sufficient to compromise a network alone. Sec-Tec will utilise both passive and active information gathering to obtain an in-depth picture of the target environment, and potential avenues of attack. If social engineering is a component of the penetration test, we will utilise sources such as LinkedIn to obtain staff information that may be useful during an impersonation attack.
Initial vulnerability assessment
Using a best-of-breed combination of security assessment tools, and building in redundancy with multiple tools wherever feasible, the target environment will be tested for a wide range of vulnerabilities at both the infrastructure and application level. Sec-Tec has invested heavily in commercial penetration testing tools, which are used alongside the more common open source tools which are freely available.
All findings will be manually reviewed and confirmed, with costly false positives removed. Additionally, risk ratings may be revised, based on a number of metrics. Lastly, the risks of chaining vulnerabilities will be considered: often, two or more low-level vulnerabilities exploited together present a higher overall risk than when considered individually.
Getting the right combination of automated and manual penetration testing is a major consideration during every test. Automation has the advantage of coverage, but the lack of any real intelligence means key vulnerability categories such as business logic flaws cannot be reliably identified. These must be tested for manually. In addition, two-factor authentication and common reverse Turing mechanisms such as CAPTCHAs can prevent automated scanners from achieving adequate coverage. Such areas will be tested manually, or bespoke authenticators will be built within our testing tools to successfully access protected areas of applications.
Depending on project scope, vulnerability exploitation can provide an important demonstration of the real-world impact of identified vulnerabilities. It can transform “You have an SQL injection vulnerability” into “You have an SQL injection vulnerability, and here’s your entire client database, and all of their passwords”. It can turn “Your domain controller is missing a patch” into “Your domain controller is missing a patch, and here’s your domain administrator password, together with your CEO’s”. Not all vulnerabilities are exploitable within the scope of a penetration test, and not all clients wish to undertake exploitation. Sec-Tec will discuss this in detail during the initial scoping stage, to ensure an informed decision has been made.
As part of our ISO9001 certified quality management system, your testing team will perform a late-stage quality review to ensure all reasonable avenues of attack have been covered, and that information obtained during the later stages of testing has been appropriately acted upon.
Reporting will take the form of a hand-drafted report, aimed at both technical and executive readers. Industry standard CVSS (Common Vulnerability Scoring System) rating systems will be used to ensure objective reporting and prioritisation, and clear corrective guidance will be provided for all identified issues. Identifying issues is only half the story. The real value comes from correcting them. We will include guidance on the best course of corrective action, complete with links to further information and patches where applicable.
Sec-Tec performs a free-of-charge confirmation of corrective action assessment, to help you make sure that your applied fixes are working as anticipated.
Our Promise to you
1. We will work with you to ensure the ideal project scope is undertaken.
2. Our testing will utilise the best technologies and methodologies available.
3. Our reports will be clear, objective, and provide a realistic assessment of the risks presented by the findings using internationally recognised scoring mechanisms.
4. Our Executive Summaries will provide a clear indication and position statement to non-technical readers.
5. We will detail the necessary corrective actions, consider the options, and help you to make sure they are correctly implemented.