Penetration Testing

Web Application Test provides a thorough security assessment of web-based applications, including business-to-business, consumer focused and remote access systems. The objective is to ensure that the application is securely configured, thus preventing an attacker from gaining access, or a user being exposed, to confidential data, another user’s account or the back end database.

The need to test
Web applications often provide substantial reductions in operating costs or generate a significant revenue stream, making any downtime a major business cost. Meanwhile, consumer confidence in online services remains fragile, and the negative press coverage that a minor security breach usually attracts does little to encourage uptake. Combined with the fact that applications often contain confidential data, it is vital to ensure these systems are securely configured.

It is also important to test business-to-business and remote access applications. These systems are often business critical, supporting remote workers and offices, or allowing key accounts, suppliers or distributors to interact within the supply chain.

Independent specialist testing is the only way to ensure that applications are robust and not exposing confidential data or presenting a risk to network security.

The objective of performing the VPN Security Test is to determine as much information as possible about the configuration and security of the target VPN Server and to establish if it is possible to gain access to the network through this device. The VPN Client can also be tested to assess the threat presented to the internal network by a normal remote user and by someone who has stolen or gained unauthorised access to a client.

The need to test
There is a widely held misconception that VPN systems are both invisible and impenetrable. This is a dangerous assumption, as testing performed in past has demonstrated that VPNs are often the weak link in an otherwise secure system.

VPNs have become attractive targets for hackers, as they carry sensitive information and often provide users with full access to the internal network. Independent specialist testing is the only way to ensure that VPNs are securely configured and are not presenting a risk to network security.

Onsite Testing service provides a detailed examination of non-Internet visible networks and systems. Testing is flexible to requirements, with options including the testing of a defined set of systems or the identification and testing of all visible systems within a network segment. Testing the defined target from a different network segment allows for the trust relationship between the two segments to be assessed, whereas testing from within the same network segment identifies the system vulnerabilities that an attacker may exploit should they gain direct access to that segment.

The need to test
Security risks can arise from inside the organisation as well as from the Internet. However, this area of security is often overlooked, as internal users, partners, suppliers or other such communities are assumed to be ‘trusted’. In reality, access to servers should be limited and internal systems should be securely configured. This provides protection from internal attacks, but also provides a second level of defence against external attackers who may have already gained a basic level of network access.