Our testing services are available on a one-off or ongoing basis tailored to your business requirements, and our designed to reduce risks to the reputation of your organisation and your client’s data. Services range from automated vulnerability assessments to in-depth, regular penetration testing of internal and external infrastructure and web applications.
The primary purpose is to analyse the level of technical security and resilience of systems, business processes and staff to internal and external attacks.
Penetration testing will show you both critical and other gaps in security, and possible ways that the Confidentiality, Integrity or Availability of your website, systems and data could be compromised by hackers or cyber criminals. You can then address these, improving the security of your organisation and reducing risk to your business and clients.
types of testing
Our testing services are focused in four main areas
A Vulnerability Assessment provides a cost-effective, high-level overview of potential security weaknesses, and is often the starting point for organisations implementing a testing programme for the first time.
An automated scan of your internal and/or Internet-facing infrastructure is conducted, quickly identifying known vulnerabilities that may be present. This typically highlights out of date operating systems in use, missing operating system patches, out of date or unpatched software, configuration issues and many other cyber-security weaknesses that may be very easily exploited by malware or an attacker.
Automated vulnerability assessments allow us to provide immediate feedback on the vulnerabilities that are present in order that you can start to address issues as quickly as possible.
Automated vulnerability assessments are normally a starting point; some vulnerabilities would only be identified by manual testing, which is described in the following sections.
External Network Penetration Testing
Penetration testing, also referred to as pen-testing or ‘ethical hacking’ expands upon the scope of a vulnerability assessment and involves an authorised attempt to gain access to the systems, applications (desktop, web and mobile) and their data.
During the pentest, experienced testers imitate elements of a real cyber-attack where they search for vulnerabilities and identify ways that they could be exploited by those with more malicious intentions.
Ensuring your network perimeter is resilient to Internet-based threats is your first line of defence against both attackers and malware, that may target the network services that your organisation exposes on the Internet.
An external penetration identifies vulnerabilities that could be exploited by an Internet-based attacker, and evaluates the risk of this occurring using the same techniques that would be used in a real-life cyber-attack.
Internal Network Penetration Testing
An internal pentest will provide you with a full picture of the vulnerabilities that are present, and how they could be exploited by a malicious user or malware. Our accredited penetration testers are experienced in identifying types of vulnerabilities and how they may be exploited.
Website / Web Application Testing
Your website is a window into your business for your clients and potential customers. Many organisations also run web applications which allow clients to access services provided by you online. In both cases, it’s critical that your website and web-based applications are secure, and do not put your clients, or your reputation at risk.
Cyber-attacks against websites and web applications frequently lead to data breaches. Many are automated, and not aimed at a specific target, but the motives behind targeted website attacks can be simply to take your website offline, or to gain access to systems and databases containing sensitive information.
Undertaking a penetration test of your website and any web-based applications identifies vulnerabilities that are present, and which may be exploited resulting in downtime or ultimately unauthorised access to data.
Our testing team are experienced at identifying vulnerabilities in your website or application, allowing you to apply effective security measures to reduce the risk of a security breach.
Looking for something else?
Our awareness programmes will help you educate your entire team, from executive level down, through appropriate and tailored delivery content and methods.
Whether it’s technology assessment, evaluation of cyber insurance policies, deciding on a formal security framework, or just some general advice, we’re here to help.
data protection - GDPR
GDPR (the General Data Protection Regulation) has some very specific requirements around Data Security, check the ICO advice here for a great guide to what you should be thinking about.
Our team can help you with many aspects of GDPR including:
- Programme Planning
- Executive Awareness
- Staff Awareness
- Data Discovery
- Impact Assesments
- Incident response and reporting
- Data Protection Officers
CyberScale LTD • Company no. 04493885 • Registered in England
30 Cattle Market Street, Norwich, Norfolk, NR1 3DY