Penetration Testing

Penetration Testing

Test, Protect, Monitor.

What is a Penetration Test?

A penetration test is a form of ethical hacking where an authorised individual attempts to find gaps in the security of your IT infrastructure, applications or processes, with the aim of gaining access to your assets. The purpose of the penetration test is to review the security, and provide a report to management with the technical risk viewpoint with recommendations designed to mitigate those risk areas.

penetration-testing

Our Penetration Testing Methodology

Gridware’s approach to penetration testing is to determine the extent to which your network can defend against threats by testing your exposure to common exploits and vulnerabilities on your infrastructure. The testing is performing from the perspective of an attacker with only limited knowledge of your network infrastructure and systems. Gridware utilises in-house developed tools, as well as scripts commonly used by attackers. The ultimate goal is to identify vulnerabilities that might pose a risk and determine the business impact of such an exposure. The tests are conducted at your place of business or run remotely from our headquarters in Sydney.

  • Information Gathering

    Identify domain names, potential for information theft, firewalls, associated networks, partners and any publicly available information through DNS and search engines.

  • Port Scanning

    Identify listening ports on your host to determine what services may be running that could potentially cross-checked for exploits.

  • Enumeration

    Extracting information from target systems through listening services, dummy accounts or Wifi, SMTP and NetBios.

  • Vulnerability Scan

    Assessing the organisations vulnerability appetite by assessing existing installed software and both the infrastructure and operating system level as well as individual user level for potential for exploits or vulnerabilities.

  • Analysis and Reporting

    Data analytics of the results are provided as well as a detailed exploitation report identifying any vulnerabilities, misconfigurations or possible bugs.

Want to get started?

Let’s make information security training a priority in your company!

Benefits to Senior Management and Board

Independently verify your company’s security appetite and exposure

Mitigate risks and incorporate recommendations into your Cyber Security Program

Ensure compliance with international standards ISO 27001, PCI DSS and NIST

Avoid costly data breaches, fines and reputational damage of non-compliance with legislation

Promote best practice information security culture in your company

Secure Client and Customer Information

Penetration Testing FAQs
What is a penetration test?

A penetration test (or pen test) is a series of intentional attempts to gain unauthorised access through the use of specialised tools available to attackers and professionals. It is like a stress test for your business systems and applications. It assess the integrity of your business ensuring confidential data is secure, access permissions are appropriate, and that applications are compliant with the latest patches and free from vulnerability of exploits.

Why should penetration testing be done by a service provider?

Penetration tests should be conducted by an external service provider to ensure there is no bias in the testing, that it is run independently from the business by technical experts who are familiar with the latest developments in exploits and both international and industry standards.

What are the types of penetration tests that can be done?

Gridware regularly conducts external penetrations tests, from the perspective of an attacker, internal penetration testing, from the perspective of a rouge employee after restricted information and network and firewall tests to ensure the integrity of your infrastructure. We also recommend running regular penetration testing on Wireless (wifi) networks as well as testing remote social engineering in electronic attacks such as phishing or directed human effort at compromising your systems.

Are your penetration testers certified?

All our penetration testers are qualified to conduct penetration tests and are certified ethical hackers CREST, CISSP, ISO 27001 Auditors, GSEC, GWAPT and CEH.

We already run vulnerability scans and antivirus, why should be conduct a penetration test?

Regular scans will only check and ‘compare’ to data that is often outdated or no longer applicable with the latest developments in the security industry. You need to ‘do as they do’ and perform tests from the perspective of an attacker with the tools attackers utilise to bypass your defences.

My business uses cloud applications, why is a penetration test still required?

All business applications, even when used in the cloud, are subject to vulnerabilities and exploits. It’s only a matter a time before commonly used applications are compromised and then subsequently patched. We need to check that the patch management process is keeping up with the latest developments, and that they are being patched against exploits. The cloud will only act as a host and cannot guarantee the integrity of any application it hosts.

How much does penetration testing cost?

The cost of penetration testing will depend on the systems your business runs. In our experience, most company’s in Sydney and Melbourne should undertaken both external and internal penetration testing, as well as firewall configuration and policy reviews. In our experience, comprehensive testing will take between 6-12 days to complete, which estimates to $11,000 to $25,000.

How long does it take to do a penetration test?

Penetration testing will take 6-12 business days to complete. When less testing is required, or focused on single applications, systems or processes, testing can completed in 1-2 business days.

What do you check when you do a penetration test?

Gridware primarily looks for security vulnerabilities at the network and host level configurations. This is a fundamental step in ensuring your systems are not publicly accessible to unauthorised users. We also focus server/cloud configuration, email servers, and all major operation system and browser exploits that are commonly seen.

Why does my company need to do penetration tests?

Penetration testing is way of demonstrating reasonable efforts made to test the integrity of your business infrastructure and applications. It shows your company has put effort into protecting confidential and sensitive business data to regulators such as ASIC or AUSTRAC. With new legislation passing in Australia, businesses are required to demonstrate they’ve regularly checked their systems are compliant with the industry standards and that checks have been made to ensure there are no vulnerabilities which can be easily utilised by attackers.

Ready to team with Gridware?

Make the switch and team up with Gridware to make information security a priority in your company.

What Our Customers Say
  • "Knowing our cyber risks in software we develop, as it is being developed, means my team can get on the front foot of security and protect the clients that utilise our software from data loss. The Gridware team are the best we've worked with."

    CIO, Health Insurance Provider (Sydney)
  • "With Gridware, we gained a valuable security partner to review our IT programs across various large projects across Australia, without having to build our security expertise from scratch. They're flexible, thorough and quick with solutions."

    Director, IT and Innovation, Mining (Perth)
  • "Gridware is an intelligent company with top talent. We've developed an new and improve information security program with the end result being more accurate security decisions and improved processes."

    CIO, A-REIT (Sydney)
–  Why Choose Gridware for Penetration Testing  –

Gridware has extensive experience in a range of security penetration testing and risk management services. Our consultants are recognised for their depth of expertise and knowledge of deep web technical assessments and governance services.

We are proud to be to employ CREST (Council for Registered Ethical Security Testers) consultants that are familiar with your industry and infrastructure. Our headquarters is based in Sydney which is the financial and technological hub of Australia. The vast melting pot of IT innovation and knowledge in Sydney has provided Gridware with the high quality talent it needs to provide best-in-class cyber security services. We also service major capital cities including Melbourne, Brisbane and Perth.

Get secure today, team up with Gridware.

Case Studies

Take a look at how we have helped some of our many clients.

News and Insight

Have a look at some of the media exposure Gridware has received.

Other Services

Have a look at other services Gridware can offer your business.

Contact Us

Let us give you a call back to provide more detail on our offerings or arrange a presentation

Not readable? Change text. captcha txt

Start typing and press Enter to search