Penetration Testing

Penetration tests are technical security reviews focused on gaining unauthorised access to information assets. It is of most benefit to companies with complex internet or intranet facing infrastructure. It aids in-house technical staff in developing better security solutions and processes, while still aiding business risk managers in understanding the threats to their assets.

Our Penetration testing methodology is designed to simulate a thorough 'real-world' attack.

External Penetration Testing

External penetration tests attempt to gain unauthorised access to the target network with no privileged access or knowledge provided by the client.

This will typically demonstrate the damage an attacker with no direct links to the organisation could inflict. These penetrations are the most commonly reported type, including website defacements, infrastructure hijacks, and unwitting content distribution.

Internal Penetration Testing

Internal penetration testing is a review by which Content Security demonstrates the damage an internal attacker can inflict on a information systems. These attackers can be executed by employees seeking unauthorised access to sensitive documentation, or an attacker who has breached the perimeter security. Typical examples are remote controlled desktops, compromised wireless systems, and in extreme cases, an attacker who simply walks in and plugs in a laptop to the company network.

This review will identify weaknesses which are not available to an external attacker due to other security controls. For example, weak passwords or unpatched systems may go undetected by an external penetration test, but will be highlighted in an internal penetration test.