Pen Testing

Full examination and report of your website security.

Pen Testing Packages

Small companies, new startups and sole traders all need one thing, and that is security.
Security of custom, security of capital, and security of company assets.

But what about cyber security? Does that website contain a backdoor into the corporate network? Can the email system be exploited to create and send malicious emails? Is the server’s software vulnerable to allow an attacker easy access?

These are just a few questions that should be considered when setting up a website or an online service.

LIGHT

A LIGHT test will consist of automatic scans and manual testing for vulnerabilities. We will only focus on one test area during this type of test in a blackbox manner. This means that we will not ask for credentials, network maps etc. for any services but will only look for vulnerabilities from the point-of-view of an attacker with no information given to them about the service, such as a website.
On conclusion of the test, a report will be written and submitted within a week that will contain any vulnerabilities found, possibly with suggested remedies.

MEDIUM

The same of a light test but double the duration. This allows us to investigate vulnerabilities which usually leads to finding more vulnerabilities that could be used in a direct or chain of attack. The MEDIUM package will also include a free LIGHT test that can be taken in the future or as a retest after any found vulnerabilities have been remedied.
On conclusion of the test, a report will be written and submitted within a week that will contain any vulnerabilities found, possibly with suggested remedies.

THOROUGH

A thorough test, as the name suggests, is a more thorough test that will dive deeper into your system to search for vulnerabilities and configuration issues.
Due to the complexity of this test we advise testing at a white box level where we can really see the internal going-ons. Whitebox testing is when we are provided with anything to help us access and understand the system, such as network diagrams, user/test credentials etc.
This type of test is limited to seven hours which is a very short time for a full thorough test to take place, but enough time to find vulnerabilities that an attacker may use to get a foot-hold in a chain of attack.
We will not try and add extras to the test during or after the test has taken place. Any “test extensions” or anything else will be discussed before testing takes place.
The THOROUGH package will also include a free LIGHT test that can be taken in the future or as a retest after any found vulnerabilities have been remedied.
On conclusion of the test, a report will be written and submitted within a week that will contain any vulnerabilities found, possibly with suggested remedies.

We can offer a single stand-alone pentest, or if a customer’s system is constantly evolving then we can offer a reoccurring pentest at times that suits the customer.

Want to know more? Get in touch.