0345 305 4118
Penetration Testing

As a CREST approved Penetration Testing provider, the objective of penetration testing is to discover whether there are weaknesses visible in deployed systems, and in some cases to go one step further and actually exploit the vulnerabilities to compromise the systems.

This could mean gaining administrative access, data, passwords or a foothold for further attack.

The term “penetration testing” is often used interchangeably to describe either of these two disciplines described above.

 

At CNS, for clarity; we make the distinction between the two as follows.

 

Vulnerability Assessment = reconnaissance to discover and report upon weaknesses found

 

This is usually the initial step in any real life attack/hacking incident, and can be the point at which a malicious actor is thwarted and moves on to an easier target.  We often find that this aspect is what our clients are most interested in, and that they prefer to spend their further resources in raising defences against, or eliminating any weaknesses found.

 

Pros:

Faster, less intrusive (less likely to cause adverse effects e.g. system failures), cheaper, easier to schedule, typically taking one day or less

 

Cons:

No evidence will be supplied to prove that the systems can be exploited/compromised e.g. by collecting real hashed or cracked passwords etc.

 

Full Penetration Testing = discover and exploit weaknesses

 

Pros:

We will prove whether your systems can be exploited or compromised by trying to actually exploit or compromise them, collecting evidence such as hashed or cracked passwords or data.

 

Cons:

More time consuming and intrusive (more likely to cause adverse effects such as system failures), typically taking 5 days or more depending on the system under test. May take longer to schedule dependant on the requisite specialists required by the nature of the system under test (e.g. web application testing may require a specialist in the particular system to be deployed from CNS’ trusted and vetted partner portfolio) .

 

CNS is CREST approved for Penetration Testing Services and this provides confidence that penetration testing will be carried out by qualified competent testers supported by a professional services company with appropriate policies, processes and procedures.

 

CNS is rare in having considerable skills and experience in the more sought after discipline of raising defences across myriad vendor systems for our clients consisting of organizations from SME to global enterprises of over 50,000 employees. 

 

We often find that this aspect of raising defences or eliminating vulnerability exposure is the main focus of our clients on discovering, through the “red team” testing;  system weaknesses.

 

Black Box = no details other than external IP addresses are supplied by yourselves

 

Grey Box = some details e.g. a partial system map or an account with low privileges are supplied by yourselves, so the red team is able to spend more time on exploitation and less on reconnaissance.

 

White Box = full details including maps and credentials are supplied by yourselves (e.g. admin credentials necessary for a “credentialed patch audit” of internal systems aimed at discovering whether requisite operating system patches have been applied, which is often required for Cyber Essentials+ certification).

 

In all cases proof of ownership of systems will be required by CNS as will documented permission and legal disclaimers where appropriate.

CREST approved


Find out more about CREST here

 

 

Offering a comprehensive range of Testing Services from a highly accredited team

  • CREST approved Penetration Testing Services
  • Tiger Qualified Security Team Member (QSTM)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cyber Forensics Professional (CCFP)
  • CESG CCP Senior IA Auditor
  • Certified EU GDPR Foundation Qualified
  • Cloud 9 Framework Supplier
  • UK Government IASME-accredited Cyber Essentials Plus Certification Body 
  • Recognised as an IASME Gold Standard Company & Certification Body
  • Holding over 40 different accreditations in 20 specialist technology areas

"As we have increased the range of information and communications technology systems available externally, having assurance that our environment remains secure is vital. CNS were selected to perform external vulnerability assessments on our network. CNS not only has high levels of experience and accredited expertise, but as a trusted partner, they understand WWH as a business and provide gidance at a level that is appropriate to us'"

Marc Pensom
ICT Infrastructure Manager, Wales & West Housing
Think we can help you?
For a no-obligation discussion please complete the form
Copyright @2017 Capital Network Solutions
See how we perform for clients
4.87/5
Customer Satisfaction
95%
Client retention rate
70%
Business from referrals