Penetration Testing

CNS is a CREST approved Penetration Testing provider. The objective of penetration testing is to discover whether there are weaknesses visible in deployed systems, and in some cases to go one step further and actually exploit the vulnerabilities to compromise the systems.

This could mean gaining administrative access, data, passwords or a foothold for further attack.

The term “penetration testing” is often used interchangeably to describe either of the two disciplines described above.

At CNS, for clarity, we make the distinction between the two as follows.

Vulnerability Assessment = reconnaissance to discover and report upon weaknesses found

This is usually the initial step in any real-life attack/hacking incident, and can be the point at which a malicious actor is thwarted and moves on to an easier target. We often find that this aspect is what our clients are most interested in, and that they prefer to spend their further resources on raising defences against, or eliminating, any weaknesses found.

Pros:

Faster, less intrusive (less likely to cause adverse effects e.g. system failures), cheaper, easier to schedule, typically taking one day or less

Cons:

No evidence will be supplied to prove that the systems can be exploited/compromised e.g. by collecting real hashed or cracked passwords etc.

 

Full Penetration Testing = discover and exploit weaknesses

Pros:

We will prove whether your systems can be exploited or compromised by trying to actually exploit or compromise them, collecting evidence such as hashed or cracked passwords or data.

Cons:

More time-consuming and intrusive (more likely to cause adverse effects such as system failures), typically taking 5 days or more depending on the system under test. May take longer to schedule, depending on the specialists required by the nature of the system under test (e.g. web application testing may require a specialist in the particular system to be deployed from CNS’ trusted and vetted partner portfolio).

 

CNS is CREST approved for Penetration Testing Services, and this provides confidence that penetration testing will be carried out by qualified, competent testers supported by a professional services company with appropriate policies, processes and procedures.

 

CNS is rare in having considerable skills and experience in the more sought-after discipline of raising defences across myriad vendor systems for our clients, who range from SMEs to global enterprises of over 50,000 employees.

 

We often find that raising defences or eliminating vulnerability exposure is the main focus of our clients once system weaknesses have been discovered through the “red team” testing.

 

Black Box = no details other than external IP addresses are supplied by yourselves

 

Grey Box = some details e.g. a partial system map or an account with low privileges are supplied by yourselves, so the red team is able to spend more time on exploitation and less on reconnaissance.

 

White Box = full details including maps and credentials are supplied by yourselves (e.g. admin credentials necessary for a “credentialed patch audit” of internal systems aimed at discovering whether requisite operating system patches have been applied, which is often required for Cyber Essentials+ certification).

 

In all cases, proof of ownership of systems will be required by CNS, as will documented permission and legal disclaimers where appropriate.

Offering a comprehensive range of Testing Services from a highly accredited team

  • CREST approved Penetration Testing Services
  • Tiger Qualified Security Team Member (QSTM)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cyber Forensics Professional (CCFP)
  • CESG CCP Senior IA Auditor
  • Certified EU GDPR Foundation Qualified
  • Cloud 9 Framework Supplier
  • UK Government IASME-accredited Cyber Essentials Plus Certification Body 
  • Recognised as an IASME Gold Standard Company & Certification Body
  • Holding over 40 different accreditations in 20 specialist technology areas

“We have worked closely together in recent years to successfully gain our Cyber Essentials Plus accreditation and help ensure new services are designed and tested securely. Given the challenges of today’s budget pressures and increasing Cyber security risk, we have found Capital Networks to be an effective, reliable and professional partner.”

Myles Jordan
Head of ICT security and Risk Management, Natural Resources Wales
Copyright © 2017 Capital Network Solutions
See how we perform for clients

  • Customer satisfaction: 4.87/5
  • Client retention rate: 95%
  • Business from referrals: 70%