PENETRATION TESTING

Penetration testing will ensure IT systems and information, whether complex or not, are more secure.

Penetration testing is the process of attempting to gain access to computer systems, networks or web applications without knowledge of usernames, passwords or any other normal means of access. Ultimately, to find vulnerabilities that a hacker could exploit.

 

The main thing that separates a penetration tester from a hacker is ‘permission.’  The penetration tester will have permission from the organisation to test.  They will provide a report on their findings and give full remediation recommendations. Thus, supporting the organisation to defend itself against further attacks. Penetration testing on a regular basis will ensure that your IT systems and information remain secure.

TYPES OF TESTING WE PROVIDE ARE :

  • EXTERNAL PENETRATION TESTING

The purpose of this Test is to ensure that your Company’s IT systems are secure from any internet based attack.

Our investigations for the above test could include any of the following:

External network testing.

Remote access review.

Website testing.

Web Application testing.

Mobile Application testing.

Source Code review.

  • INTERNAL PENETRATION TESTING

The above vulnerability assessment is performed on the servers that form your internal network. The assessment reveals any potential issues that may allow a server to be compromised by a user already on the internal network.

Our investigations for the above test could include any of the following:

Internal Infrastructure testing.

Desktops.

Laptop/workstation Review.

Server Review.

Wireless Vulnerability Assessment

VOIP

Mobile Device  testing

  • PCI DSS ASV SCANNING

A quarterly scan by an ASV approved Company.

External scans of infrastructure related to card payments.

Encription would outsource this to a third party company, Qualys.

Qualys are a certified PCI-DSS Authorised Scanning Vendor, Encription Limited are now partnered with Qualys to provide an efficient and accurate PCI on demand scanning solution. By partnering up with Qualys, Encription Limited are able to offer our customers a continuous PCI scanning solution that will ensure your on-going PCI-DSS compliance.

  • SOCIAL ENGINEERING

Environment and people vulnerabilities can be a larger threat than network and IT vulnerabilities. 

The following tests will identify any vulnerabilities in the areas targeted.

Remote Social Engineering.

Perimeter & Internal Security Review.

Physical Building Access.

Obtain access to a work position and or the server room.

 

  • PUBLIC SERVICES NETWORK – PSN

Encription has a proven track record of delivering IT Health Checks on a regular basis to Local Authorities enabling them to satisfy their PSN v3.7 compliance needs. Each element of Encription’s testing matches Code of Connection (CoCo) requirements, making it easy to complete the CoCo compliance grid. Encription work to OSSTMM and CESG CHECK which dictate that the testing is carried out to the highest standard.

toplogoUntitled

You will satisfy your requirements cost effectively from a company who is GCHQ CESG CHECK green light approved, as well as TigerScheme certified. Encription has a wide experience of CoCo IT Health Checks, making testing more targeted and valuable. We work for several Local Authorities, NHS, Police, and Fire and Rescue Services.

  • CESG CHECK TESTING:

Encription’s consultants are CHECK Team Leaders or Team Members and are verifiable on the CESG website.

encription verified

Verify our CHECK staff here

  • PSN EXTERNAL IT HEALTH CHECK/PENETRATION TESTING

 In depth penetration testing of firewalls and all identifiable services. Testing will be performed over the internet from Encription’s offices.

  • PSN INTERNAL IT HEALTH CHECK/PENETRATION TESTING

On site penetration test to examine security of all servers OS, applications, wireless security, segregation of restricted data, VLAN and firewall rulesets and physical security.

  • ADDITIONAL TESTING:
  •   Website IT health check/penetration testing
  •   Application testing
  •   Home/mobile working devices review
  •   Remote access testing
  •   Server/workstation build review
  •   Firewall configuration review
  •   VPN review
  •   IP telephony & VTC review
  •   Social engineering
  • ON DEMAND CoCo QUARTERLY SCANNING
  • External quarterly vulnerability scanning
  • Internal quarterly vulnerability scanning
  • PCI DSS ASV SCANNING

A quarterly scan by an ASV approved Company.

External scans of infrastructure related to card payments.

Encription would outsource this to a third party company, Qualys.

Qualys are a certified PCI-DSS Authorised Scanning Vendor, Encription Limited are now partnered with Qualys to provide an efficient and accurate PCI on demand scanning solution. By partnering up with Qualys, Encription Limited are able to offer our customers a continuous PCI scanning solution that will ensure your on-going PCI-DSS compliance.

 

Enquire Now