How vulnerable are you?

Today’s security climate is fraught with challenges—from increasingly sophisticated hackers and evolving regulations to the mounting business pressure to guard against attacks that are easier than ever to execute over the Internet.

Internal Penetration Testing

An Internal Penetration Test differs from a vulnerability assessment in that it actually exploits the vulnerabilities to determine what information is actually exposed. An Internal Penetration Test mimics the actions of an actual attacker exploiting weaknesses in network security without the usual dangers. This test examines internal IT systems for any weakness that could be used to disrupt the confidentiality, availability or integrity of the network, thereby allowing the organisation to address each weakness.

Speknet's Internal Penetration Test follows documented security testing methodologies which can include:

* Internal Network Scanning
* Port Scanning
* System Fingerprinting
* Services Probing
* Exploit Research
* Manual Vulnerability Testing and Verification
* Manual Configuration Weakness Testing and Verification
* Limited Application Layer Testing
* Firewall and ACL Testing
* Administrator Privileges Escalation Testing
* Password Strength Testing
* Network Equipment Security Controls Testing
* Database Security Controls Testing
* Internal Network Scan for Known Trojans
* Third-Party/Vendor Security Configuration Testing

The report generated as the output of this work is designed for both executive/board level and technical staff.


External Penetration Testing

An External Penetration Test differs from a vulnerability assessment in that it actually exploits the vulnerabilities to determine what information is actually exposed to the outside world. An External Penetration Test mimics the actions of an actual attacker exploiting weaknesses in the network security without the usual dangers. This test examines external IT systems for any weakness that could be used by an external attacker to disrupt the confidentiality, availability or integrity of the network, thereby allowing the organisation to address each weakness.

Speknet's External Penetration Test follows documented security testing methodologies which can include:

* Footprinting
* Public Information / Information Leakage
* DNS Analysis / DNS Bruteforcing
* Port Scanning
* System Fingerprinting
* Services Probing
* Exploit Research
* Manual Vulnerability Testing and Verification of Identified Vulnerabilities
* Intrusion Detection/Prevention System Testing
* Password Service Strength Testing
* Remediation Retest (optional)

Web Application Penetration Testing

Web applications have become common targets for attackers. Attackers can leverage relatively simple vulnerabilities to gain access to confidential information most likely containing personally identifiable information.

While traditional firewalls and other network security controls are an important layer of any Information Security Program, they can’t defend or alert against many of the attack vectors specific to web applications. It is critical for an organisation to ensure that its web applications are not susceptible to common types of attacks.

Speknet's Web Application Penetration Test follows documented security testing methodologies which can include:

* Footprinting
* Public Information / Information Leakage
* DNS Analysis / DNS Bruteforcing
* Port Scanning
* System Fingerprinting
* Services Probing
* Exploit Research
* Manual Vulnerability Testing and Verification of Identified Vulnerabilities
* Intrusion Detection/Prevention System Testing
* Password Service Strength Testing
* Remediation Retest (optional)