What is Pen Testing / Penetration Testing?
For security assurance, companies conduct external and internal penetration tests to uncover exploitable security vulnerabilities from the perspective of a malicious outsider or insider, respectively.
Penetration testing (also known as pen testing) should provide evidence of how vulnerabilities can be exploited, and the risk level and potential impact of each vulnerability. Reports should give clear recommendations and solutions to help eliminate each vulnerability or reduce the risk to an acceptable level.
The goal of the penetration test is to identify vulnerabilities in your networks or applications, and to clearly demonstrate the potential security impact.
Overview of our service
An expert Penetration Test Engineer will study your network and applications and search for vulnerabilities. This is achieved through the use of semi-automated tools and depends heavily on manual testing and verification techniques. By analysing the results, the engineer will expose potential vulnerabilities and customise subsequent tests based on the initial findings.
The penetration test can include the further exploitation of vulnerabilities that are discovered (chained exploits), if explicitly requested by the client.
Options for penetration tests include:
- External Penetration Test / Pen Test – Conducted remotely on external or public facing networks or applications to identify vulnerabilities that are visible to outsiders at large.
- Internal Penetration Test / Pen Test – Conducted on the internal network to identify vulnerabilities that are visible to insiders, contractors or partners with potentially malicious intent.
Key service attributes
- Network / application level vulnerability scanning, mapping and analysis
- Manual verification of vulnerabilities
- Extensive customised manual pen tests
- Controlled exploitative testing, only if explicitly requested
- Detailed vulnerability reporting
- Removal of false positive findings
- Clear recommendations and fixes
- Access to reports via ClientConnect portal
What you receive
The results of the tests are presented logically and clearly and are provided through an online secure portal (also downloadable as a PDF). The test report includes the following details:
- Executive summary
- Detailed report of findings
- Vulnerabilities
  - Detailed steps
  - Solution
  - Further reading
  - Affected assets
- Unconfirmed vulnerabilities
  - Detailed steps
  - Solution
  - Further reading
  - Affected assets
- Observations
  - Description
  - Solution
  - Affected hosts
- Port scan results
- The SANS Top 20
- Interpreting risk ratings
- Tests performed & tools used
- Mitigation tracker
The reports provide a view of the findings ranked by risk level, helping you prioritise the areas of greatest risk. Clear guidance and solutions are included to help you quickly eliminate all vulnerabilities found.
What to do next
Please contact us on 020 7148 7475, email us at info@securityalliance.co.uk or complete our Enquiry Form to discuss requirements, get an online demonstration, request a sample report or arrange a meeting.