Penetration Testing

CyBourn delivers penetration testing engagements by leveraging an experienced team of certified penetration testing experts and cybersecurity analysts. Using industry-recognised as well as proprietary scripts and techniques, we design, test and perform a full spectrum of tactics from vulnerability assessments to red/blue team exercises.

Overview

Penetration Testing is a method for gaining assurance in the security of an IT system by attempting to breach some or all of that system’s security, using the same tools and techniques as an adversary may utilise. Penetration testing should be viewed as a method for gaining assurance in your organisation’s vulnerability assessment and management processes, not as a primary method for identifying vulnerabilities. A penetration test should be thought of as similar to a financial audit. An audit by an external group ensures that your internal team’s processes are sufficient.

Key Benefits

Find vulnerabilities before cyber criminals do
Penetration tests are much like practicing for a real-life hack by a real-life hacker. Performing regular penetration tests allows you to be proactive in your real-world approach of evaluating your IT infrastructure security. The process uncovers holes in your security, giving you a chance to properly remediate any shortcomings before an actual attack occurs.
Improve your Cybersecurity posture
Continuing to mature the security posture within your organisation’s environment is a great way to maintain a competitive advantage against other organisations in your industry. It not only demonstrates to your clients that information security and compliance are paramount for your organisation, but also that you’re continuously dedicated to striving towards optimum security.
Improve understanding of Cybersecurity risks
Performing regular penetration tests allows your organisation to evaluate web application, internal and external network security. It also helps you to understand what security controls are necessary to have the level of security your organisation needs to protect its people and assets. Prioritising these risks helps organisations anticipate them and prevent potential malicious attacks from happening.
Support compliance with international standards like PCI DSS
Penetration tests help address the compliance and security obligations that are mandated by industry standards and regulations such as PCI DSS, ISO 27001 and FISMA. Having these tests performed regularly helps to demonstrate due diligence and your dedication to information security, all the while helping you to avoid the heavy fines that can be associated with non-compliance.

Our Process

01

PLANNING

Prior to beginning a penetration testing engagement, the scope and objectives need to be agreed upon with the customer. The customer will be informed of our procedures and project plan. During this phase, we will also make sure to gather permission from the people affected by the pentest.

02

DISCOVERY

During discovery, our engineers try to find as much information about the target as possible. This includes open-source information like social media and leak databases or vulnerability assessments, performed either actively or passively, depending on the engagement.

03

ATTACK

This is the most active phase, where an engineer tries to gain access to information or in some way find vulnerabilities in the targets. For web applications, for example, the tests performed in this phase include tests for the OWASP Top 10 vulnerabilities.

04

CLEANING

One of the most important phases of a penetration test is the cleaning. We make sure all files we uploaded to the target systems are deleted, all accounts we might have created are disabled and all exploits are erased.

05

REPORTING

During reporting, our engineers put together all their findings and add relevant information like the CVE numbers, CVSS ratings, impact analysis and tailored recommendations.

For more information and a quote on our Penetration Testing services please contact us!

Type of pentest: web app, mobile app, network, Wi-Fi, SCADA
Apps: approximate number of paths
Network: number of assets
Wi-Fi: number of access points
SCADA: number of assets

Tell us about your Cybersecurity needs

We are strategists, engineers, analysts, and governance experts embedded in the world’s biggest cyber missions and trusted to advance them. Let us help you today.