Australia’s Trusted Penetration Testing Company

What is a penetration test?

A penetration test is a form of ethical hacking where an authorised individual attempts to find gaps in the security of your IT infrastructure, applications or processes, with the aim of gaining access to your assets. The purpose of the penetration test is to review the security and provide a report to management that presents the technical risk viewpoint, with recommendations designed to mitigate those risk areas.

Penetration testing is also useful in validating the efficacy of your defensive controls and determining how well the end-user can adhere to their security restrictions.

Types of Penetration Testing We Conduct

  • Web Application Penetration Testing

    Identify existing or potential vulnerabilities both at the application layer and infrastructure side in accordance with PTES and OSSTMM. All assessments include OWASP source code best practice review, internal review of access privileges, external testing of public-facing IPs and servers.

    Frequency: 1 per year or at major change

  • Network Layer Penetration Testing

    External perimeter security assessment and audit, subnet analysis, open port scans and attack surface assessment. Firewall configuration review, testing of public-facing IPs and infrastructure resiliency, e.g. servers, cloud storage, AWS configuration, Azure configuration, DDoS prevention, load testing etc.

    Frequency: 1 per year or at major change

  • Wireless Penetration Testing

    Testing configuration of wireless entry points against external attack. Review of internal network controls, segmentation, separation, VPNs, privilege access management, sensitive data etc. WPA2 vulnerabilities, KRACK and others.

    Frequency: 1 per year or at major change

  • Mobile Application Penetration Testing

    Identify existing or potential vulnerabilities for mobile applications against Android and iOS standards, OWASP source code best practice review, internal review of access privileges, external testing of public-facing IPs and servers. Testing of user accounts if applicable for escalation vulnerabilities.

    Frequency: Prior to release or at major change

  • Physical Security Penetration Testing

    Identifying existing or potential access security control vulnerabilities. Attempting to bypass existing security restrictions, including RFID spoofing, lift access manipulation, biometric security and HVAC access security. Infiltration using USB payloads, open workstations or unsecured device docking stations.

    Frequency: 1 per two years or at relocation

  • Social Engineering Scenario Testing

    Social engineering testing including simulation calling and emailing of employees to gain access to systems or attempt manipulating financial account information. “Trusted Authority” disguise, employee impersonation (IT Help Desk) testing.

    Frequency: 1 per year

It’s time you work with the best.

Gridware’s penetration testing team actively works to reduce the attack surface of your applications to stop known and unknown attacks from eventuating.

What is the process to run a penetration test?

Gridware’s penetration testing services are used to determine the extent to which your network can defend against threats by testing your exposure to common exploits and vulnerabilities on your infrastructure. The testing is performed from the perspective of an attacker with only limited knowledge of your network infrastructure and systems. Gridware utilises in-house developed tools, vulnerability scanning as well as manual testing using common scripts used by attackers. The ultimate goal is to identify vulnerabilities that might pose a risk and determine the business impact of such an exposure. The tests are conducted at your place of business or run remotely from our headquarters in Sydney. This allows us to offer penetration testing for Melbourne businesses, and across Australia.

  • Information Gathering

    Identify domain names, potential for information theft, firewalls, associated networks, partners and any publicly available information through DNS and search engines.

  • Port Scanning

    Identify listening ports on your host to determine what services may be running that could potentially be cross-checked for exploits.

  • Enumeration

    Extracting information from target systems through listening services, dummy accounts or Wi-Fi, SMTP and NetBIOS.

  • Vulnerability Scan

    Assessing the organisation's vulnerability appetite by assessing existing installed software at both the infrastructure and operating system level, as well as the individual user level, for potential exploits or vulnerabilities.

  • Analysis and Reporting

    Data analytics of the results is provided, as well as a detailed exploitation report identifying any vulnerabilities, misconfigurations or possible bugs.

Benefits to Senior Management and Board

Penetration testing will help you avoid the cost of downtime should a hacker take the website down or exploit a vulnerability. Organisations pay millions of dollars in IT remediation costs to get systems back up, and in most cases, these systems are exploited using trivial security flaws that take hackers just seconds to compromise. Being proactive will help you discover issues before they become a risk and lead to a security compromise.

Independently verify your company’s security appetite and exposure

Mitigate risks and incorporate recommendations into your Cyber Security Program

Ensure compliance with international standards ISO 27001, PCI DSS and NIST

Avoid costly data breaches, fines and reputational damage of non-compliance with legislation

Promote best practice information security culture in your company

Secure Client and Customer Information

Cyber Breach? 85% of Customers will never do business with you again

Preserve corporate image and customer loyalty. Trust is something that needs to be earned. A recent report by PwC showed 85% of customers saying that they will not do business with a company if they are worried about its data practices. Each incident of compromised customer data can be costly: negatively affecting sales and ruining company reputation. Penetration testing helps you prevent data incidents that put your organisation at risk.

Let’s Get Started

Keep clients, your Board and investors happy by using our world-class team to help you identify and close security gaps before they become issues.

Penetration Testing FAQs

Are your penetration testers certified?

All our penetration testers are qualified to conduct penetration tests and are certified ethical hackers (CREST, CISSP, ISO 27001 Auditors, GSEC, GWAPT and CEH).

We already run vulnerability scans and antivirus, why should we conduct a penetration test?

Regular scans will only check and ‘compare’ to data that is often outdated or no longer applicable with the latest developments in the security industry. You need to ‘do as they do’ and perform tests from the perspective of an attacker with the tools attackers utilise to bypass your defences.

My business uses cloud applications, why is a penetration test still required?

All business applications, even when used in the cloud, are subject to vulnerabilities and exploits. It’s only a matter of time before commonly used applications are compromised and then subsequently patched. We need to check that the patch management process is keeping up with the latest developments, and that applications are being patched against exploits. The cloud will only act as a host and cannot guarantee the integrity of any application it hosts.

How much does penetration testing cost?

The cost of penetration testing will depend on the systems, infrastructure and complexity of your business applications. In our experience, most companies in Sydney and Melbourne look into undertaking both external and internal penetration testing, as well as firewall configuration and policy reviews. Comprehensive testing can take between 3-12 days to complete, depending on a variety of factors such as your industry and company size, which translates into a commercial range of $5,000 to $25,000.

How long does it take to do a penetration test?

In our experience, penetration testing can take anywhere between 5-15 business days to complete. When less testing is required, or if testing is focused on a single application, system or process, testing can be completed in 2-3 business days.

What do you check when you do a penetration test?

Gridware primarily looks for security vulnerabilities at the network and host level configurations. This is a fundamental step in ensuring your systems are not publicly accessible to unauthorised users. We also focus on server/cloud configuration, email servers, and all major operating system and browser exploits that are commonly seen.

Why does my company need to do penetration tests?

Penetration testing is a way of demonstrating reasonable efforts made to test the integrity of your business infrastructure and applications. It shows regulators such as ASIC or AUSTRAC that your company has put effort into protecting confidential and sensitive business data. With new legislation passing in Australia, businesses are required to demonstrate they’ve regularly checked their systems are compliant with the industry standards and that checks have been made to ensure there are no vulnerabilities which can be easily utilised by attackers.

What is a penetration test?

A penetration test (or pen test) is a series of intentional attempts to gain unauthorised access through the use of specialised tools available to attackers and professionals. It is like a stress test for your business systems and applications. It assesses the integrity of your business, ensuring confidential data is secure, access permissions are appropriate, and that applications are compliant with the latest patches and free from vulnerability to exploits.

Why should penetration testing be done by a service provider?

Penetration tests should be conducted by an external service provider to ensure there is no bias in the testing, that it is run independently from the business by technical experts who are familiar with the latest developments in exploits and both international and industry standards.

What are the types of penetration tests that can be done?

Gridware regularly conducts external penetration tests, from the perspective of an attacker; internal penetration testing, from the perspective of a rogue employee after restricted information; and network and firewall tests to ensure the integrity of your infrastructure. We also recommend running regular penetration testing on wireless (Wi-Fi) networks as well as testing remote social engineering in electronic attacks such as phishing or directed human effort at compromising your systems.

Ready to team with Gridware?

Make the switch and team up with Gridware to make information security a priority in your company.

What Our Customers Say

  • "Gridware is the cybersecurity company that competitors look up to. Knowing where the security gaps are within our applications before go-live gives us peace of mind that we are actively protecting our customer data. What differentiates Gridware from other companies is that when they start working, it is like we gain a valuable internal resource."

    IT Manager Nikon Australia
  • "With Gridware, we gained a valuable security partner to review our IT programs across various large projects across Australia. It saved us having to build our security expertise from scratch. They're flexible, thorough and quick with solutions. An agile vendor, one of the best we have worked with."

    Marsha Wilson Director, IT and Innovation
  • "Gridware is an intelligent company. The team has worked with us to identify and solve a number of cyber risks. It has been a pleasure working with Gridware."

    Mark Knowlton former CIO, Macquarie Bank

–  Why Choose Gridware for Penetration Testing  –

Gridware has extensive experience in a range of security penetration testing and risk management services. Our Sydney penetration testing consultants are recognised for their depth of expertise and knowledge of deep web technical assessments and governance services.

We are proud to employ CREST (Council for Registered Ethical Security Testers) consultants that are familiar with your industry and infrastructure. Our headquarters is based in Sydney which is the financial and technological hub of Australia. The breadth of IT innovation in Sydney has provided Gridware with the high quality talent it needs to provide best-in-class cyber security services. We also service major capital cities including Melbourne, Brisbane and Perth.

Get secure today, team up with Gridware.
