What we test

We identify vulnerabilities in your company before cyber criminals do by performing a range of different security tests.

 What we test

We offer many different types of penetration tests: Web Application, Cloud Testing (AWS), External Network Testing, Vulnerability Scanning, Cyber Security Training and more.

 Who we are

We are a group of cyber security researchers with a range of different skills. We have experienced researchers at hand to help test all aspects of your company ethically.

Why get security tested?

Compliance Requirements

Your company is responsible for protecting any personal data you hold. GDPR/PCI-DSS recommend that you regularly assess your applications and critical infrastructure for security vulnerabilities. Penalties for data processing infringements can be from 10 million pounds upwards.

Long-term Investment

A security breach can cause losses in several different areas, which can include damaged data, reputation and machinery, and loss of customers and partners, all of which incur financial loss. Ensuring your company is not vulnerable sooner rather than later is a vital part of your company's survival.

Strengthen customer trust

Companies are expected to protect their customers against cyber threats. A penetration test will ensure your customers' (and staff's) data is not at risk. Such tests will play an essential part in your company's good reputation and success. Customer trust is the foundation for a successful business relationship.

Enhanced Performance

Misconfigurations on newly released or current technology can often lead to poor performance. Penetration tests will help you identify these issues, which can then be fixed. Fixing misconfigurations will also lead to a decrease in

  

Our Services

Below are our primary cyber security assessment services. Upon request, we can provide additional custom security assessments.

 External Penetration Tests

An external penetration test aims at assessing your network for vulnerabilities and security issues in your servers, hosts, devices and network services. We see what information you have exposed to the outside world. This test examines external IT systems for any weakness that can be used by a cyber criminal to disrupt the confidentiality, availability or integrity of your network.

We use the following methodologies to assess your systems:

  • Digital Footprinting
  • Public Information and Information Leakage
  • DNS Analysing and DNS Bruteforcing
  • Network and Port Scanning
  • System Fingerprinting
  • Service Probing
  • Manual Vulnerability Testing
  • Password Service Strength Testing

 Web Application

A web application test involves automatically and manually testing your application's (and REST/SOAP API endpoints') functionality for vulnerabilities. We use industry standard methodologies (OWASP Top 10) to assess the security level of your web platform. All identified security issues are documented and reported, with information on how to mitigate these vulnerabilities.

The vulnerabilities we assess and look for primarily:

  • Injection - Such as SQL/PHP/LDAP queries and OS command injection.
  • Broken Authentication - Mismanaged session handling, which leads to users' identities being compromised.
  • Sensitive Data Exposure - Applications and APIs leaking sensitive data.
  • XML External Entities - XML processors evaluating external references used to exploit your system.
  • Broken Access Control - Accessing unauthorized resources (such as databases, restricted pages and directories)
  • Security Misconfigurations - Such as available directory listings or default error messages revealing version numbers.
  • Cross-Site Scripting (XSS) - Inserting untrusted data/scripts into web pages. There are reflected, stored and DOM-based XSS attacks.
  • Insecure Deserialization - Applications not deserializing objects securely, which often leads to remote code execution.
  • Components with Known Vulnerabilities - Libraries, frameworks or other software modules that are vulnerable.
  • Insufficient Logging and Monitoring - Having a lack of countermeasures in place if an attack takes place.

 Vulnerability Scanning

We have our own custom monitoring tools to perform a monthly security scanning service. These check that your web applications or networks (or even both) are continuously passing regular security checks. Each scan is analysed to ensure your staff are notified of any urgent vulnerabilities for immediate action.

We personalize these scans and provide reports to show the outcome of these tests.

 Social Engineering

A Social Engineering penetration test is designed to test your employees' adherence to security controls with respect to human manipulation, including email, phone calls, media drops, and physical access. This type of test will allow your company to understand your security posture.

We will simulate a social engineering attack on your company, analyse the results and tell you how to improve your employees' ability to handle such an attack. It is estimated that over 400 businesses are targeted by spear-phishing attacks every day and 95% of successful cyberattacks are the result of phishing. Sometimes, a company is compromised because of human error and not a technological one.

 

Consulting Packages

| Bronze Package | Silver Package | Golden Package | Platinum Package |
|---|---|---|---|
| OWASP Top 10 & Zero Days | OWASP Top 10 & Zero Days | OWASP Top 10 & Zero Days | OWASP Top 10 & Zero Days |
| Reports 1 Initial & 1 Major | Reports 1 Initial & 1 Major | Reports 1 Initial & 1 Major | Reports 1 Initial & 1 Major |
| Subdomain 1 | Subdomain 3 | Subdomain 6 | Unlimited |
| Vulnerability Assessment: Yes | Vulnerability Assessment: Yes | Vulnerability Assessment: Yes | Vulnerability Assessment: Yes |