Various organisations exist that provide Penetration testing services. Many claim to employ poacher turned gamekeeper types who have made a name for themselves by hacking into well know highly secure systems. These individuals are either technically bright or just plain lucky. No matter how they managed to hack the organisation, they are academics or amateurs at heart who lack the business knowledge that is essential in evaluating business risks. Pentest consultants have years of experience of highly complex IT architectures and business processes enabling them to understand the relative importance of security issues to the business.

Pentest penetration testing and vulnerability assessment services are individually tailored to the customer. The scope of the testing can range from individual external system testing to enterprise wide external and internal reviews. After an initial fact finding and project scoping exercise with the Pentest project lead consultant and the client, a team of highly skilled consultants with complimentary skill sets are assembled for the engagement. This ensures that the teams knowledge, expertise and tool set offers complete coverage of the systems being tested leaving no stone unturned.

Armed with detailed knowledge of attack methods and vulnerabilities in common use, our own in-house tools and established testing methodologies Pentest will simulate the skill level of the potential attacker, ranging from script kiddie to informed and highly skilled insider. This approach offers a far more realistic attack simulation than that offered by running a commercial vulnerability analysis tool. The automated tool approach used by some security consultancies has the benefit of being cost effective to run, however this approach is aimed at the masses and is the equivalent of a scattergun approach, generating long and largely irrelevant reports. This method is unlikely to point the consultant towards the vulnerabilities representing the greatest threat to a client.

In addition to the standard system and application technical tests, Pentest can perform social engineering attacks and simulate competitive intelligence gathering on request.

On completion of the test the client receives a report detailing the attack methods used by the team and an analysis of their findings. The report will also provide an assessment of the level of risk presented by the vulnerabilities found and recommendations for remedial work. Finally, Pentest presents a summary of findings to management and appropriate technical groups highlighting the relevant issues, supported by the technical content of the document.

For details of any of the above services please contact Pentest Limited or email Pentest:enquiries.

Working in this way, Pentest consultants are able to transfer knowledge to our clients, leaving them better equipped to deal with future issues themselves.