Penetration Testing

Connecting, communicating and transacting with customers and other organisations is a necessary component of doing business today. Exposing your technology environment (and therefore, your organisation) to external threat is simply the cost of doing business.

Failure to ensure your key systems and data are sufficiently protected from attack significantly increases the risk of major compromise and disruption, leading to reduced custom, bad publicity, decreased shareholder value, financial loss and potentially an inability to trade.

With your systems and connections exposed and so much at stake, you need to be able to identify your key vulnerabilities fast so that your risks can be known and managed.

A penetration test is an assurance exercise that involves an active assessment of systems to find vulnerabilities. We attempt to find and exploit these weaknesses and evaluate the risk they may have to your business.

We deliver to you an easily understandable, actionable report with recommendations for mitigation of the identified issues. Applying the recommended fixes improves your cyber security overall and decreases the chance of becoming a victim of a successful cyber-attack.

Key Benefits of Penetration testing

  • Discover and eliminate vulnerabilities to help you secure your environment and decrease the chances of a successful cyber breach

  • Regular penetration tests will help you recognise previously undiscovered security issues that pose a threat to your organisation

  • Create your own security standard and maintain that standard through regular penetration testing
  • Give clients, partners, suppliers and stakeholders the confidence that you have a strong cyber security posture and will not introduce unnecessary risks to their business

  • Focus efforts and budget on important security issues by tackling the most critical issues first identified in the penetration testing report

Demonstrable Security

Security Alliance provides a full range of security testing services from source code review to application testing, from vulnerability scanning through to a simulated attack or wargaming exercise.

Our penetration testing services are available as one-off projects or as part of a fully managed programme.

Infrastructure Penetration Test

The infrastructure (or remote network) penetration test will attempt to identify sensitive information about your organisation and infrastructure. Our specialists then assume the position of an external attacker and look to exploit vulnerabilities and system misconfigurations to gain access to the organisation's network over the internet and assess the impact of gaining such access.

Find out more

Web App Penetration Test

A web application penetration test analyses the security posture of web-based applications by reproducing steps that an attacker would take to breach and manipulate the services or the systems on which the application resides.

In addition to the usual application security vulnerabilities such as code injection and privilege escalation issues, our methods also recognise any weaknesses specific to your custom software, including business logic flaws.

Find out more

Mobile App Penetration Test

Mobile applications introduce some unique security challenges.

The mobile application penetration test identifies security issues relating to the operation of the various components of the mobile app, from the client itself and local data storage to API and hosting to evaluate the associated risks.

Find out more

How to book your penetration test?

We'll schedule a preliminary phone call to learn about your challenges

You'll outline your needs and highlight any relevant applications in a scoping questionnaire

We'll review the results and send a detailed proposal outlining the service and pricing

You'll let us know when to proceed

We'll schedule a convenient start date for the penetration test and begin gathering the required technical information in advance

 

Our Accreditations


      Crest Star                         Cyber Essentials Certification       G-Cloud Supplier

Contact Us

Frequently Asked Questions

 

What is a penetration test?

Penetration test (or pentest for short) is an assurance exercise that involves active analysis of systems to find vulnerabilities. During a penetration test our security consultants will perform 'ethical hacking', mimicking the methods of cyber criminals. We attempt to find and exploit weaknesses in your systems to evaluate the risk they have to your business.

What types of systems should you perform penetration tests on?

Any and all systems connected to the internet should be subject of regularl penetration tests. This is to ensure your systems are as secure as possible and you are not exposing your business to unnecessary risks.

The typical type of systems we conduct security tests on include web applications, external networks, mobile applications and internal network infrastructure.

What's the difference between a vulnerability scan and a penetration test?

A vulnerability scan is typically an automated scan that will uncover common vulnerabilities. This is also the first step of a penetration test. During a penetration test, a specialist will review the vulnerabilities uncovered by the scan and investigate them to find the true extent and depth of the issue.

Who performs a penetration test?

Security Alliance provides unique value to its clients by actively integrating its own services with those of its member companies. Member companies provide unique skills and experience, and collectively enable Security Alliance to provide expert and scalable security testing services. Our penetration tests are carried out by one or a combination of member companies dependent on the requirement.

Bespoke security testing

Minimising Cyber Security Risks

Our Security Testing Programmes help clients identify and mitigate against the vulnerabilities within their infrastructure, processes and people. We design and conduct rigorous investigative engagements that locate and fortify weaknesses within technology, code and human behaviour.

We offer a broad range of standalone and managed security testing services, as part of both point-in-time projects and ongoing, integrated programmes.