As well as providing technical recommendations, where possible, we identify the root cause of the issue and give recommendations at a process and policy level.
Web Application Penetration Test
A Web Application Penetration Test is focused on evaluating the security posture of a web-based application by recreating the scenario of an attacker targeting it. The assessment will identify any vulnerabilities within the applications and their deployment, allowing development and infrastructure teams to address any weaknesses quickly.
We recognise that every web application is different and for that reason our well tested methodologies will not only cover common web application vulnerabilities such as injection and access control issues, but also the latest vulnerabilities affecting the technologies in use by a particular web application. In the case of bespoke web applications, SERTALINK SECFORCE also has the tools and expertise to identify issues which are not publicly known, also known as zero-day issues.
Understanding your business is important to us and our consultants will endeavour at all times to present their findings in the context of your unique environment, so that the impact of the findings is relevant and clearly understood.
Infrastructure Penetration Test
The aim of an Infrastructure Penetration Test is to identify vulnerabilities affecting an organisation’s network infrastructure, which could be exploited by an attacker to gain unauthorised access to the network and its systems. Such an assessment also provides a valuable evaluation of the corporate security policies and procedures and accurately identifies classes of process failures such as misconfiguration, patch management and password enforcement.
In the case of externally facing infrastructure, SERTALINK SECFORCE assumes the role of a well motivated but non-destructive attacker who is targeting the infrastructure over the Internet. When assessing internal infrastructure, SERTALINK SECFORCE recreates the scenario of a disgruntled employee, malicious contractor or other attacker who has managed to infiltrate the internal corporate network. Our objective is to assess how far such an attacker could go and what level of risk such a breach would pose to the business.
SERTALINK SECFORCE has many years of experience testing all manner of network topologies. It is this knowledge and understanding that allows us to conduct testing without impacting on production systems or usability during assessments
Try Pen Test
- Understand your needs and scope the pentest.
- Gather information about your systems and identify potential attack vectors.
- Perform a vulnerability assessment and prioritize the vulnerabilities.
- Attempt to exploit the vulnerabilities and develop recommendations for remediation.