Penetration testing is the process of assessing IT infrastructure, encompassing computers, mobile devices and network or web applications, to find weaknesses that could potentially be exploited by an attacker.
Penetration testing is also undertaken in a preventive manner, to help organisations improve their security posture and/or compliance and awareness programmes.
When performing penetration tests, Jayde Consulting operates methodically and meticulously, using a combination of manual and automated processes to best identify any vulnerabilities. This manual approach often finds vulnerabilities that an automated process may miss. It is this methodology that sets us apart from many of our competitors.
We adopt an asymmetric approach to penetration testing with a view to emulating attacks as close to real-life scenarios as possible. Our reporting clearly outlines our findings and includes valuable and practical recommendations to mitigate any risks or thwart threats identified.
Amateur penetration testing firms use automated tools and a ‘tick and flick’ approach to security audits. Professional operators often have more effective tools; most importantly, however, they employ qualified and talented people with proven experience.
Penetration Tests we offer
Jayde Consulting tailors its service to suit client requirements and budgets. In principle, however, we offer the following:
External Penetration Testing mimics an attack whereby a hacker tries to gain access to a company’s restricted IT resources by exploiting an existing vulnerability or configuration flaw.
Internal Penetration Testing is an attack from within the network perimeter. It simulates the behaviour of a disgruntled employee or whistleblower, who is trying to use standard user privileges to obtain restricted access to an organisation’s protected resources.
Blind (Black Box) Penetration Testing is conducted based on limited information initially provided to the penetration testing team. Normally, only a company name is revealed. This approach is designed to simulate the conduct of a real attacker, who will be required to spend considerable time gathering information and conducting reconnaissance.
Targeted Penetration Testing is limited to testing a specified IT resource(s) and involves close cooperation with local IT personnel during the process. IT personnel are encouraged to monitor the simulated attack in progress. This type of assessment can be useful for improving IT Change Management processes as well as educating local IT staff.
Web Application Security Testing addresses security concerns caused by the proliferation of poorly secured software running inside a web browser (web apps) and related Web Services technologies (e.g., REST and SOAP). We provide an in-depth security evaluation based on the latest Open Web Application Security Project (OWASP) Testing methodology version 4. Our capable specialists perform a vast majority of the tests manually, to ensure quality and reliable results.
Social Engineering involves tricking people into revealing confidential information to an unauthorised party. This information is then used to attack the IT infrastructure. Today, Social Engineering remains one of the most popular choices for hackers due to its simplicity and effectiveness. The procedure is designed to test the security awareness and reaction of employees when approached to provide confidential information by an unauthorised party.
Wireless Penetration Testing processes involve discovering wireless devices on a corporate network, including routers, computers and mobile devices. Once these devices are identified, security vulnerabilities or configuration flaws are exploited, often resulting in a free flow of information transmitted within the network boundaries. In our experience, wireless networks and related devices remain the weakest link in any corporate environment.
Limitations of Penetration Testing
As effective as Jayde Consulting’s penetration testing services are, our tests are generally limited by time, budgets and scope. Such tests are designed not to cause any destructive damage to a client’s infrastructure and in most cases are undertaken discreetly. A hacker does not have the same limitations and may therefore have greater success, particularly when not worried about any trail of destruction or disruption.
With the above in mind, we strongly recommend that, when engaging our penetration testing services, our ‘Security as a Service’ support also be retained, thereby providing a far more effective service without impacting on an IT system’s continuity.