Physical Penetration testing is the simulation of an attack on a building or organisation to test the effectiveness of existing procedures and systems. This ultimately allows you to identify weaknesses that could be exploited if left unaddressed.
Using realistic techniques and methods, the Physical Penetration test will pinpoint weaknesses and flaws in the existing security infrastructure, identifying vulnerabilities that can then be hardened.
Conducting the test
The Physical Penetration test can be adapted to specific site requirements and can be conducted at different levels from simple perimeter assessments, through to fully coordinated multi-layered breaches.
The penetration test is conducted in a series of phases, which are applied to all testing scenarios. The four test phases are:
- Phase 1 – Hostile Reconnaissance
- Phase 2 – Attack Plan development
- Phase 3 – Exploitation
- Phase 4 – Documentation
Upon appointment we will discuss the test phases with you to determine how far the test needs to go. It may be necessary to only complete phases 1 and 2 to highlight vulnerabilities and security weaknesses, however to test the response of the security measures in place it will be necessary to undertake a full breach attempt. This may take many different forms and will be agreed prior to commencement.
All findings from the test will be submitted to the client in a detailed report, pinpointing security vulnerabilities and offering suggestions and advice on how to improve security in that particular area.
The importance of a penetration test
Whether you have installed a new security system, opted for an upgrade of have existing security measures in place, the only way to know whether the security protection in place is fit for purpose is to test it in a realistic way to see whether an attack can be detected and thwarted.
By using an adversarial analysis approach, our Penetration Testing Team will devise an attack plan that might be used by a hostile combatant to gain entry into the site or building. How your security infrastructure is able to resist an attempted breach is the only true way of knowing whether your security measures will perform adequately in the face of a real attack.