• Penetration testing is the use of techniques and tools to simulate an attack on an organisation’s information security. A variety of specific tests are employed to achieve this, based on an organisation’s specific requirements.

• Penetration testing can help establish the level of vulnerability that an organisation or system is exposed to while simulating particular threats. Testing therefore provides an important element in understanding overall security risk.

• Unlike other forms of security assurance which provide a theoretical articulation of vulnerability, penetration testing demonstrates actual vulnerability and as such can be more compelling to senior management.

• Testing can simulate various types of threat, giving your organisation a view of the severity of a particular threat in terms of its ability to exploit actual vulnerabilities in their systems.

Our range of penetration testing services will help proactively identify security weaknesses in your systems, infrastructure and applications before they are exploited by an attacker.

The following are commonly accepted industry good practice which organisations are increasingly adopting:

• Test the security of new systems, infrastructure and applications before they released into a live production environment. Penetration testing is particularly important for any asset that is publicly accessible directly via the Internet.
• Test the security of your critical legacy assets that have never been tested but are already in use to identify and fix previously unknown vulnerabilities.
• Periodically retest security whenever significant changes are made to systems, infrastructure and applications and/or to ensure your assets are protected against the constant stream of new exploits.
• Penetration testing is integrated into a wider programme of information security assurance activities.
• Penetration testing is integrated into the system’s development lifecycle.
• Creation and maintenance of a testing schedule detailing systems to be tested and frequency.

• We are typically more affordable than equivalent competitors yet still provide the same quality service. Furthermore, the nature of penetration testing means that it can be expensive to maintain an internal team making our services a more cost-effective option.
• Leverage our experience of defending multiple industries to preemptively identify vulnerabilities using nondestructive simulated tests and multi-layered attack simulations designed to test the effectiveness of your security against malicious threats.
• Finding good penetration testing talent can be difficult, partnering with a specialist security company like TDS gives you instant access to talent at affordable costs. Testing is conducted by security professionals who are experienced expert testers with a broad range of certifications.
• Testing is customised on a test-by-test basis to meet your requirements.
• Creative process benefiting from the tester’s experience and simulates the current behaviour and thinking of a real-world attacker.
• Results are professionally interpreted to remove false positives and understand the real risks associated with each vulnerability.
• We are experienced in setting your findings and recommendations into a business risk context to support you in discussions with business stakeholders.
• Briefing and presentation of findings and recommendations.
• Retest service to ensure recommendations have been implemented and vulnerabilities closed.
• Dedicated account and support representative.
• We can provide consultancy and assistance in implementing the security improvements.
• Their technical capability in the various areas in which tests may be required (such as application testing).
• We can assist you in dealing with the internal management aspects relating to test setup.
• Experienced in helping to resolve issues with IT service providers.
• We have the capability to combine penetration testing with other effective forms of assurance.
• Skilled in being able to identify ‘root cause’ findings, strategically analyse findings in business terms, and co-develop security improvement strategies and programmes.
• Ability to follow-through with a security improvement programme to address the fundamental ‘root cause’ issues.

Findings are presented in a report that:

• Provides the necessary feedback on weaknesses and recommendations for your business to make an informed decision on where to prioritize investments in its security.
• Includes high-level summary of findings to explain the vulnerabilities in a way which is understandable by non-technical senior management.
• Demonstrate results in business risk terms that helps shift such attitudes amongst business unit leaders who have traditionally been resistant to cooperating with security or refuse to accept that serious issues might be present.
• A detailed technical report that helps your IT Teams, architects and developers to create more secure and resilient systems, infrastructure and applications by understanding weaknesses and how they can be exploited.
• Removes false positives to focus on real risks associated with each vulnerability.

• Identifies short term (tactical) recommendations and long term (strategic) recommendations;
• Can include a security improvement action plan.

• External infrastructure tests e.g. Network Infrastructure, Website and Web Services. Provides assurance on infrastructure that is often exposed to random, or potentially targeted attacks form the internet. Tests generally examine only systems owned by the target organisation. Tests of Internet service provider infrastructure will require additional agreements.
• Internal infrastructure. Tests can be very specific (e.g. a particular network segment) or very broad (e.g. the entire office network).  Internal tests may also include examinations of wireless network infrastructure. These tests are commonly performed on site, although some penetration testing unless the client has the capability to provide high security remote links.  Internal tests can determine the access a physical intruder or insider might be able to obtain.  Tests of wireless infrastructure can be effective in determining what information can be accessed by individuals in close proximity to a site.
• Application testing. This type of test targeted against a specific application such as web applications, mobile applications, associated databases, client/server applications and backup applications may also be tested.  Application tests can establish whether an attacker can bypass infrastructure level controls, and directly compromise sensitive data using application channels.
• Physical and Building. Tests are targeted against an organisation’s buildings or facilities. Physical controls are often critical to the overall cyber security of an organisation.  For example, once physical access to a system is obtained, it is much easier for an attacker to successfully compromise a computer or steal a data storage device. Tests can be used to demonstrate the ease or difficulty with which physical buildings or sites can be penetrated.
• Social Engineering tests are targeted against staff to extract sensitive information such as passwords and can establish where improvements are required for awareness and organisational security procedures.

We can utilize a range of testing styles:

• ‘Black box’ – no information is provided to our penetration tester. Black box testing is useful to understand what is possible for an uninformed attacker to achieve.  Includes DAST (Dynamic Application Security Testing).
• ‘Grey box’ – limited information is provided, for example login credentials to an application or visitor access to a site. Grey box testing is useful to understand the degree of access that authorised users of a system can obtain.
• ‘White box’ – full information is provided, for example network maps or access to development staff. White box testing is useful when performing a more targeted test on a system that requires a test of as many vulnerabilities and attack vectors as possible. Such tests can be complemented by other forms of security review, for example code reviews of applications or system reviews of network infrastructure. White box includes SAST (Static Application Security Testing).

Note: These techniques are complementary to each other and ideally a combination of each are needed to carry comprehensive testing.

Penetration Testing Services are informed by and follow:

• PCI Penetration Testing Guidance.
• NIST 800-53.
• NIST 800-115.
• The Open Web Application Security Project (OWASP).
• Guidance offered by manufacturers and trusted third parties.
• The ISO 27001 standard (and testing services are certified to ISO 27001:2013).

Penetration testing is a highly skilled activity and the quality of a test depends on the capability of the staff involved in the test. We have experienced expert testers with a broad range of certifications:

• EC-Council Certified Ethical Hacker (CEH v9).
• Licensed Penetration Tester Master (LPT Master).
• Mile2 Certified Penetration Testing Engineers.
• Mile2 Certified Secure Web Application Engineers.
• GIAC Certified Incident Handler (GCIH).
• GIAC Certified Forensic Examiner (GCFE).
• Reverse Engineering Malware (GREM).
• AWS Certified Solutions Architect Associates.
• IBM Certified QRadar Deployment Professional v7.2.7.
• AlienVault Certified Security Engineers (ACSE).
• AlienVault USM Appliance Technicians.
• IBM QRadar Certified Associate Analysts.
• IBM QRadar Certified Associate Administrators.
• Splunk Certified Users.
• AWS Certified Security Fundamentals.
• AWS Well-Architected Certificate.
• Carbon Black Defense Essentials.
• Carbon Black Defense Administrators.
• Carbon Black Response Analysts.
• Certified EC-Council Instructor v2.
• Computer Hacking Forensic Investigator v8 (CHFI v8).
• EC-Council Certified Security Analyst v9 (ECSA v9).
• Mile2 Certified Digital Forensics Examiner.