Chat with us, powered by LiveChat

Penetration Testing

What is a penetration test?

Identify, Remediate, Protect and Monitor.

A penetration test is a form of ethical hacking where an authorised individual attempts to find gaps in the security of your IT infrastructure, applications or processes, with the aim of gaining access to your assets. The purpose of the penetration test is to review the security, and provide a report to management with the technical risk viewpoint with recommendations designed to mitigate those risk areas.

Penetration testing is also useful in validating the efficacy of your defensive controls and determining how well the end-user can adhere to their security restrictions.

penetration-testing

What is the process to run a penetration test?

Gridware’s approach to penetration testing is to determine the extent to which your network can defend against threats by testing your exposure to common exploits and vulnerabilities on your infrastructure. The testing is performing from the perspective of an attacker with only limited knowledge of your network infrastructure and systems. Gridware utilises in-house developed tools, as well as scripts commonly used by attackers. The ultimate goal is to identify vulnerabilities that might pose a risk and determine the business impact of such an exposure. The tests are conducted at your place of business or run remotely from our headquarters in Sydney.

  • Information Gathering

    Identify domain names, potential for information theft, firewalls, associated networks, partners and any publicly available information through DNS and search engines.

  • Port Scanning

    Identify listening ports on your host to determine what services may be running that could potentially cross-checked for exploits.

  • Enumeration

    Extracting information from target systems through listening services, dummy accounts or Wifi, SMTP and NetBios.

  • Vulnerability Scan

    Assessing the organisations vulnerability appetite by assessing existing installed software and both the infrastructure and operating system level as well as individual user level for potential for exploits or vulnerabilities.

  • Analysis and Reporting

    Data analytics of the results are provided as well as a detailed exploitation report identifying any vulnerabilities, misconfigurations or possible bugs.

Want to get started?

Speak with our consultants today about booking penetration testing!

Benefits to Senior Management and Board

Penetration testing will help you avoid the cost of downtime should a hacker take the website down or exploit a vulnerability. Organisations pay millions of dollars in IT remediation costs to get systems back up, and in most cases, these systems are exploited using trivial security flaws that take hackers just seconds to compromise. Being proactive will help you discover issues before they become a risk and lead to a security compromise.

Independently verify your company’s security appetite and exposure

Mitigate risks and incorporate recommendations into your Cyber Security Program

Ensure compliance with international standards ISO 27001, PCI DSS and NIST

Avoid costly data breaches, fines and reputational damage of non-compliance with legislation

Promote best practice information security culture in your company

Secure Client and Customer Information

Cyber Breach? 85% of Customers
will never do business with you again

Preserve corporate image and customer loyalty. Trust is something that needs to be earned. A recent report by PwC showed 85% of customers saying that they will not do business with a company if they are worried about its data practices. Each incident of compromised customer data can be costly: negatively affecting sales and ruining company reputation. Penetration testing helps you prevent data incidents that put your organisation at risk.

penetration-testing-reputation-trust

Types of Penetration Testing We Conduct

Penetration Test Type Scope Frequency
IT Infrastructure External Network Penetration Test (ENTP) Firewall configuration, public facing IP’s and infrastructure ie. servers, cloud, AWS configuration, Azure configruation, DDoS prevention, load testing etc. 1 per year or major change
IT Infrastructure Internal Penetration Test (INPT) Testing of internal network controls, segmentation, dev and production environment, testing third-party access and access controls, internal user elevation of privileges, unauthorised accounts, sensitive data locations and security permissions. 1 per year or major change
Web Application Penetration Test Identify existing or potential vulnerabilities, OWASP source code best practice review, internal review of access privileges, external testing of public facing IPs and servers. Testing of user accounts if applicable for escalation vulnerabilities. Prior to launch, 1 per year or major change
Mobile Application Penetration Test Identify existing or potential vulnerabilities for mobile applicable against Android and iOS standards, OWASP source code best practice review, internal review of access privileges, external testing of public facing IPs and servers. Testing of user accounts if applicable for escalation vulnerabilities. Prior to launch, 1 per year or major change
Social Engineering Testing Phishing simulation, attempting to retrieve sensitive data through social engineering techniques (calling, email based, fraud). “Trusted Authority” disguise, employee impersonation (IT Help Desk) to try and facilitate payment of invoice or unauthorised access. 1 per year
Wireless Network Penetration Testing Testing configuration of wireless entry points against internal network controls, segmentation, separation, VPNs, privilege access management, sensitive data etc. 1 per year or major infrastructure change
Physical Security Penetration Testing Identifying existing or potential access security control vulnerabilities. Attempting to bypass existing security restrictions, including RFID, lift access, biometric security. Infiltration using USB payloads, open workstations or unsecured device docking stations. 1 per year or infrastructure change or office relocation

Want to get started?

Penetration Testing FAQs

How much does penetration testing cost?

The cost of penetration testing will depend on the systems, infrastructure and complexity of your business applications. In our experience, most companies in Sydney and Melbourne look into undertaking both external and internal penetration testing, as well as firewall configuration and policy reviews. In our experience, comprehensive testing can take between 3-12 days to complete, depending on a variety factors such as your industry and company size, which reflects into the commercial range $5,000 to $25,000.

How long does it take to do a penetration test?

Penetration testing will take 6-12 business days to complete. When less testing is required, or focused on single applications, systems or processes, testing can completed in 1-2 business days.

What do you check when you do a penetration test?

Gridware primarily looks for security vulnerabilities at the network and host level configurations. This is a fundamental step in ensuring your systems are not publicly accessible to unauthorised users. We also focus server/cloud configuration, email servers, and all major operation system and browser exploits that are commonly seen.

Why does my company need to do penetration tests?

Penetration testing is way of demonstrating reasonable efforts made to test the integrity of your business infrastructure and applications. It shows your company has put effort into protecting confidential and sensitive business data to regulators such as ASIC or AUSTRAC. With new legislation passing in Australia, businesses are required to demonstrate they’ve regularly checked their systems are compliant with the industry standards and that checks have been made to ensure there are no vulnerabilities which can be easily utilised by attackers.

What is a penetration test?

A penetration test (or pen test) is a series of intentional attempts to gain unauthorised access through the use of specialised tools available to attackers and professionals. It is like a stress test for your business systems and applications. It assess the integrity of your business ensuring confidential data is secure, access permissions are appropriate, and that applications are compliant with the latest patches and free from vulnerability of exploits.

Why should penetration testing be done by a service provider?

Penetration tests should be conducted by an external service provider to ensure there is no bias in the testing, that it is run independently from the business by technical experts who are familiar with the latest developments in exploits and both international and industry standards.

What are the types of penetration tests that can be done?

Gridware regularly conducts external penetrations tests, from the perspective of an attacker, internal penetration testing, from the perspective of a rouge employee after restricted information and network and firewall tests to ensure the integrity of your infrastructure. We also recommend running regular penetration testing on Wireless (wifi) networks as well as testing remote social engineering in electronic attacks such as phishing or directed human effort at compromising your systems.

Are your penetration testers certified?

All our penetration testers are qualified to conduct penetration tests and are certified ethical hackers CREST, CISSP, ISO 27001 Auditors, GSEC, GWAPT and CEH.

We already run vulnerability scans and antivirus, why should be conduct a penetration test?

Regular scans will only check and ‘compare’ to data that is often outdated or no longer applicable with the latest developments in the security industry. You need to ‘do as they do’ and perform tests from the perspective of an attacker with the tools attackers utilise to bypass your defences.

My business uses cloud applications, why is a penetration test still required?

All business applications, even when used in the cloud, are subject to vulnerabilities and exploits. It’s only a matter a time before commonly used applications are compromised and then subsequently patched. We need to check that the patch management process is keeping up with the latest developments, and that they are being patched against exploits. The cloud will only act as a host and cannot guarantee the integrity of any application it hosts.

Ready to team with Gridware?

Make the switch and team up with Gridware to make information security a priority in your company.

What Our Customers Say

  • "Knowing our cyber risks in software we develop, as it is being developed, means my team can get on the front foot of security and protect the clients that utilise our software from data loss. The Gridware team are the best we've worked with."

    CIO, Health Insurance Provider (Sydney)
  • "With Gridware, we gained a valuable security partner to review our IT programs across various large projects across Australia, without having to build our security expertise from scratch. They're flexible, thorough and quick with solutions."

    Director, IT and Innovation, Mining (Perth)
  • "Gridware is an intelligent company with top talent. We've developed an new and improve information security program with the end result being more accurate security decisions and improved processes."

    CIO, A-REIT (Sydney)

–  Why Choose Gridware for Penetration Testing  –

Gridware has extensive experience in a range of security penetration testing and risk management services. Our consultants are recognised for their depth of expertise and knowledge of deep web technical assessments and governance services.

We are proud to employ CREST (Council for Registered Ethical Security Testers) consultants that are familiar with your industry and infrastructure. Our headquarters is based in Sydney which is the financial and technological hub of Australia. The breadth of IT innovation in Sydney has provided Gridware with the high quality talent it needs to provide best-in-class cyber security services. We also service major capital cities including Melbourne, Brisbane and Perth.

Get secure today, team up with Gridware.

Case Studies

Take a look at how we have helped some of our many clients.

News and Insight

Have a look at some of the media exposure Gridware has received.

Other Services

Have a look at other services Gridware can offer your business.

Contact Us

Let us give you a call back to provide more detail on our offerings or arrange a presentation

Start typing and press Enter to search