Penetration testing, or pentesting, is an independent and objective security assessment which simulates real world attacks on an IT system be it a web application, mobile application, internal network or external network. The aim is to proactively identify vulnerabilities and weaknesses ahead of your attacker.
Penetration Testing
At Cybergate we utilise the same penetration testing tools and techniques as real-world hackers do to offer comprehensive security assessments. These assessments are tailored to your environment and organisational needs, clearly highlighting the security shortcomings whilst providing actionable remediation advice to improve your overall security posture.
A Cybergate penetration testing methodology is made up of the following phases:
- Pre-engagement Assessment: We collaborate with you to understand your cyber security requirements and goals. This exercise will ultimately define the penetration testing services required and the duration of the engagement(s) along with assets which are in scope.
- Penetration Test Execution: In this phase your dedicated consultant will perform the actual test by utilising the same penetration testing tools and techniques malicious actors use whilst following our structured and comprehensive pentesting methodology for that specific type of pentest.
- Reporting Phase: You will be presented with a report detailing the vulnerabilities discovered and how they were exploited along with actionable and tailored remediations.
Web Application Penetration Testing
Your website is the face of your company! Web Applications (Web Apps) have become a necessity for organisations across the globe to establish their online presence and offer services internationally. It is therefore paramount that these technologies are thoroughly security-tested against the latest web attacks to ensure that the Confidentiality, Integrity and Availability of the data processed by them is not in jeopardy.
Cybergate’s Web Application Penetration Testing methodology is based on OWASP’s Application Security Verification Standard (ASVS) with a focus on the OWASP Top 10 vulnerabilities. Protect your website by ensuring that vulnerabilities are discovered before they’re exploited by cyber criminals.
External Infrastructure Penetration Testing
Publicly accessible IT systems at the perimeter are a necessity to provide services to customers and to remotely administer internal resources (eg: VPN and SSH). These systems provide a gateway between the internal company and the outside world, drastically increasing the attack surface and opening doors to hackers.
Cybergate’s External Infrastructure Penetration Test (Network Pentesting) provides a comprehensive security assessment of your external landscape be it on-premise, i.e. hosted by you, or in the cloud. Not only will this assessment identify potential issues that your organisation’s exposed services could introduce, but also reveals superfluous ones which can be removed to drastically reduce the attack surface, leaving only the necessary services for your business to function.
Reach out to us to close all your doors to hackers.
Internal Infrastructure Penetration Testing
Internal networks contain the crown jewels of the company. Disgruntled or rogue members of staff could pose a serious security risk due to the elevated privileges these members are implicitly trusted with. Whilst securing the perimeter is an invaluable exercise, the protection of internal systems from an assumed compromise perspective is just as valuable.
Cybergate’s Internal Infrastructure Penetration Test provides a comprehensive mapping and security assessment of your internal landscape. The level of segregation of the internal network is assessed to ensure that access to internal resources is granted on a need-to-have basis. The internal network pentest will also identify potential issues that your organisation’s services could introduce to insider threats and reveal superfluous ones which can be removed to drastically reduce the attack surface, leaving only the necessary services for your members of staff to do their work.
Mobile Application Penetration Testing
Organisations are leveraging mobile (Android & iOS) applications to provide services at the palm of everyone’s hands. From transferring money to interacting on social network platforms, mobile apps are constantly entrusted with sensitive and personal information such as user and financial data. This makes them an ideal target.
Cybergate’s Mobile Application Penetration Testing methodology is based on OWASP’s Mobile Application Security Verification Standard (MASVS) with a focus on the OWASP Top 10 vulnerabilities. Protect your mobile application by ensuring that vulnerabilities are discovered before they’re exploited by cyber criminals.
