The aim of a Penetration Test (Pentest) is to simulate an attack on a premises or facility to verify the effectiveness of the procedures and systems deployed to secure the building. By using 'Red Team' adversarial analysis techniques, undertaking a controlled simulation of an attack, a Penetration Test uncovers security weaknesses and vulnerabilities in a realistic way.
The spectrum of potential tests range from simple perimeter assessments to fully coordinated multi-layered breaches. The 'attack' methodology is flexible and might range from passive information gathering to the identification a potential attack vector, which can only be detected on-site.
The adaptation of the penetration test to the specific requirements of the customer guarantees the practical relevance for the client.
Despite the individuality of every Pentest, the workflow can be categorized into the following four phases:
- Reconnaissance
- Investigation
- Exploitation
- Documentation
Precise information about the separate phases can be provided upon request.
During an attack simulation those phases are passed through as agreed with out client at the outset. It maybe that the reconnaissance and investigation phases are all that are needed along with a detailed report of our findings or it may be necessary to demonstrate how the vulnerabilities can be exploited by gaining access to facility or but a precise programme of activity will be agreed.
The vital layers of site security are rarely tested properly
Once complex and expensive Security Systems have been installed it is customary to test the functionality and where appropriate, the interface with other systems. However, whilst the design intent has been met, until an actual security breach has been attempted, the systems ability to react appropriately, presenting information correctly and generating the requisite response from other security resources, will your security measures really function correctly?
Your confidence might be based upon what should happen and not necessarily on what really does happen. Or indeed the Pentest activity may demonstrate that your planning and investment has been effective – but wouldn't it be good to be sure?
You have invested in the technology and resources but can you be certain
You've upgraded your systems, you have invested in the latest technology, your Security Response plan is in place and the security personnel have well defined Assignment Instructions but how can you know that when an incident occurs your plans will work and gaps will not appear.
RedTeam Pentesting offers specialised, qualitative tests that are designed to identify vulnerabilities and weaknesses that could be exploited if left unaddressed. Mitigation can be developed in many ways and sometimes a simple adjustment to Security Response Plans and Assignment Instructions or the refinement of a particular Security System can mitigate in part or in full the potential threats that are faced.
For further information on Penetration Testing please call Jon Roadnight on 0207 868 50070.
Download our latest brochures
| 
