What is a Penetration Test?
A penetration test is a form of ethical hacking where an authorised individual attempts to find gaps in the security of your IT infrastructure, applications or processes, with the aim of gaining access to your assets. The purpose of the penetration test is to review the security and provide management with a report that presents the technical risk viewpoint, with recommendations designed to mitigate those risk areas.
Gridware’s approach to penetration testing is to determine the extent to which your network can defend against threats by testing your exposure to common exploits and vulnerabilities on your infrastructure. The testing is performed from the perspective of an attacker with only limited knowledge of your network infrastructure and systems. Gridware utilises in-house developed tools, as well as scripts commonly used by attackers. The ultimate goal is to identify vulnerabilities that might pose a risk and determine the business impact of such an exposure. The tests are conducted at your place of business or run remotely from our headquarters in Sydney.
Identify domain names, potential for information theft, firewalls, associated networks, partners and any publicly available information through DNS and search engines.
Identify listening ports on your host to determine what services may be running that could potentially be cross-checked for exploits.
Extracting information from target systems through listening services, dummy accounts or Wi-Fi, SMTP and NetBIOS.
Assessing the organisation's vulnerability appetite by assessing existing installed software at both the infrastructure and operating system level, as well as at the individual user level, for potential exploits or vulnerabilities.
Data analytics of the results are provided as well as a detailed exploitation report identifying any vulnerabilities, misconfigurations or possible bugs.
Let’s make information security training a priority in your company!
A penetration test (or pen test) is a series of intentional attempts to gain unauthorised access through the use of specialised tools available to attackers and professionals. It is like a stress test for your business systems and applications. It assesses the integrity of your business, ensuring confidential data is secure, access permissions are appropriate, and that applications are compliant with the latest patches and free from vulnerability to exploits.
Penetration tests should be conducted by an external service provider to ensure there is no bias in the testing, that it is run independently from the business by technical experts who are familiar with the latest developments in exploits and both international and industry standards.
Gridware regularly conducts external penetration tests, from the perspective of an attacker; internal penetration testing, from the perspective of a rogue employee after restricted information; and network and firewall tests to ensure the integrity of your infrastructure. We also recommend running regular penetration testing on wireless (Wi-Fi) networks, as well as testing remote social engineering in electronic attacks such as phishing or directed human effort at compromising your systems.
Regular scans will only check and ‘compare’ to data that is often outdated or no longer applicable with the latest developments in the security industry. You need to ‘do as they do’ and perform tests from the perspective of an attacker with the tools attackers utilise to bypass your defences.
All business applications, even when used in the cloud, are subject to vulnerabilities and exploits. It’s only a matter of time before commonly used applications are compromised and then subsequently patched. We need to check that the patch management process is keeping up with the latest developments, and that applications are being patched against exploits. The cloud will only act as a host and cannot guarantee the integrity of any application it hosts.
The cost of penetration testing will depend on the systems your business runs. In our experience, most companies in Sydney and Melbourne should undertake both external and internal penetration testing, as well as firewall configuration and policy reviews. In our experience, comprehensive testing will take between 6-12 days to complete, which is estimated at $11,000 to $25,000.
Penetration testing will take 6-12 business days to complete. When less testing is required, or testing is focused on single applications, systems or processes, it can be completed in 1-2 business days.
Gridware primarily looks for security vulnerabilities in network and host level configurations. This is a fundamental step in ensuring your systems are not publicly accessible to unauthorised users. We also focus on server/cloud configuration, email servers, and all major operating system and browser exploits that are commonly seen.
Penetration testing is a way of demonstrating reasonable efforts made to test the integrity of your business infrastructure and applications. It shows regulators such as ASIC or AUSTRAC that your company has put effort into protecting confidential and sensitive business data. With new legislation passing in Australia, businesses are required to demonstrate they’ve regularly checked their systems are compliant with the industry standards and that checks have been made to ensure there are no vulnerabilities which can be easily utilised by attackers.
"Knowing our cyber risks in software we develop, as it is being developed, means my team can get on the front foot of security and protect the clients that utilise our software from data loss. The Gridware team are the best we've worked with."
"With Gridware, we gained a valuable security partner to review our IT programs across various large projects across Australia, without having to build our security expertise from scratch. They're flexible, thorough and quick with solutions."
"Gridware is an intelligent company with top talent. We've developed a new and improved information security program with the end result being more accurate security decisions and improved processes."
Gridware has extensive experience in a range of security penetration testing and risk management services. Our consultants are recognised for their depth of expertise and knowledge of deep web technical assessments and governance services.
We are proud to employ CREST (Council for Registered Ethical Security Testers) consultants who are familiar with your industry and infrastructure. Our headquarters is based in Sydney, which is the financial and technological hub of Australia. The vast melting pot of IT innovation and knowledge in Sydney has provided Gridware with the high quality talent it needs to provide best-in-class cyber security services. We also service major capital cities including Melbourne, Brisbane and Perth.
Get secure today, team up with Gridware.