Penetration Testing

Technology alone won't solve your security problems; that’s why testing is so important.

A Penetration test is a simulated cyber-attack against your computer systems to check for exploitable vulnerabilities. 

So why do you need a Penetration test? Whilst other cyber security assessments answer the question “What are our weaknesses, and how do we fix them?”, Penetration testing checks “Can someone break in, and what can that attacker get access to?”

A Penetration test identifies all potential entry points into the network, including unsecured ports, unpatched vulnerabilities, misconfigured systems, and weak passwords. It also tests your systems’ ability to detect breaches in the event of a real cyber-attack.

“In security, you are only as secure as the weakest link.”
Kevin Mitnick – the world’s most famous hacker.

Enterprise Security Expertise

Our experts are enterprise security engineers, forensic computer scientists and networking professionals, not accountants or consultants.

Our testing covers all areas of your environment.

We assume the role of an untrusted outsider, with little or no knowledge of your network, cloud, or applications.

We check vulnerabilities related to TCP/IP protocols and services. We specifically look for problems in your DMZ, router and firewall set-up, the configuration of your systems, and unauthorised access to the hosts, network devices or applications in your environment.

Once identified, we validate these vulnerabilities by attempting to exploit the weaknesses in your systems. Penetrating your infrastructure is the only true means of establishing what issues exist. This eliminates the problem of false positives resulting from poor validation by inexperienced engineers.

Our External Penetration Test

Information Gathering
  • Internet Search Findings 
  • Public IP address gathering by analysing MX records, PTR records, headers on emails/bounce-backs and social engineering.
Vulnerability Assessment
  • Vulnerability Scans on Public IPs
  • Port Scan for known ports
  • Nmap Scans
  • Web Application testing
  • Analysis of SSL certs on Public-Facing Devices
  • Wi-Fi security checks
  • Mobile device automated and manual analysis
Email Testing
  • Email Spoofing Attempt
  • Email Phishing Attempt
  • SPF/DMARC/DKIM checks
  • Spam Filter test
  • Check for any data breaches using known organisation emails
Exploitation of Vulnerabilities
  • Using previous findings, we look to see how the vulnerabilities can be leveraged and exploited
  • Brute Force/Dictionary Attacks on public-facing services

We then provide a report with an executive summary, describing a high-level overview of identified control gaps, suggested improvements and an actionable list of tasks for review and undertaking.

What do you need?

Our aim is to find vulnerabilities in your systems, networks and applications before the hackers do. Nostra, acting as ethical hackers, provides a simulated cyber-attack without the damaging consequences.

What’s the result?

By the end of the Penetration test, you will have found gaps in the security technology in place, configuration and coding standards, and will have established how a hacker would behave, simulating a real-life scenario as closely as possible.

Are you ready to secure your business with Nostra?

If you haven’t done a Penetration test in the last year, it’s time to get in touch.