Get started

PENETRATION TESTING

Penetration testing (also called pen testing) intention is to find any issues with security in computer system, network or web application that an attacker could use. Our experienced professional penetration testers, also known as ethical hackers, simulate an attack using same techniques as hackers would to find and exploit any weaknesses. This way you can fix any of the security issues before they can be exploited by someone with malicious intentions.

<Here is what you get>

  • Scoping the pen test

    Talk to our experienced security team about your concerns. We’ll review your application and infrastructure with you, and create requirements for the best security test possible. For each test we assign a team with skills best suited to your application stack.

  • Actionable reports

    All findings are assessed and validated to ensure the report contains only issues with potential for real impact. Results will contain detailed description of how your team can reproduce and confirm the findings (crucial in order to fix them!). We’ll propose steps your team can do to address reported vulnerabilities.

  • Supporting you all the way

    Your team can collaborate directly with our security engineers on fixing the vulnerabilities.

  • There when you need us

    We can deliver penetration tests as frequent as you like. We will support you in building a pen test program that fits your needs.

Goals of a penetration test

  1. Determine feasibility of a particular set of attack vectors.
  2. Identify any vulnerabilities which are present, including any that are high-risk which result from a combination of lower-risk vulnerabilities exploited in sequence.
  3. Identify vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software.
  4. Assess the potential business and operational impacts of successful attacks.
  5. Test the ability of network defenders to detect and respond to attacks.
  6. Justify increased investment in security personnel and technology.

Our services

Secure

We use “throwaway” Virtual Machines per test which will be destroyed after test. Making sure none of the findings or data we might have accessed during testing has any chance of leaking.

Collaborative

Get descriptions, screenshots and suggested fixes. Need more? Ask security engineers directly.

Our talent

Certified Researchers

We always include at least one certified security professional with a recognized certification on Pen Test engagements.

On Top Of The Game

Our security engineers keep their skills fresh and sharp as portion of their time is reserved for research and taking part in security challenges and training.

Our process

We use a mixture of automated and manual tests a real attacker would use. Driven by experience, curiosity and inquisitiveness our pen testers leave no stone unturned.

OUR PENETRATION TEST SERVICES

  • smashing magazine
    Infrastructure testing

    We believe that a secure infrastructure is the foundation for a cyber resilient organization. Our penetration testing specialists conduct both internal and external infrastructure testing of servers, workstations, domains, virtual environments, network devices as well as network segregation controls.

  • smashing magazine
    Application testing

    Many organizations rely heavily on applications to run their business. These are often the digital shopfront for an organization that can be accessed from anywhere in the world. Commonly this includes presenting information, providing functionality to staff or customers, or providing a backbone for all of the organization’s data processing needs.

  • smashing magazine
    Build review

    In addition to infrastructure and applications, the security of the underlying servers is key to preventing a compromise. However, should a compromise occur, hardening is important to ensure any breach is sufficiently contained and that an attacker cannot easily move any further around the system or infrastructure.

  • smashing magazine
    Mobile application & device

    Becoming increasingly more frequent, organizations are now developing and using mobile applications to interact with clients and staff alike. It is important that the applications offer the same levels of security as traditional web applications, and as such, we offer an extensive mobile application penetration testing service of all of the common platforms, including Android, Apple,and Windows Phone applications.

  • smashing magazine
    Network device reviews

    Network devices within an organization provide the backbone for communication within the infrastructure. If one is compromised this could have a devastating effect on the overall security of the organization. Our network device review service aims to provide assurances over such devices, by assessing the running configuration, firmware version and firewall rulesets of devices from a large number of major manufacturers including Cisco, HP, Juniper, Palo Alto, Brocade, SonicWall and Mikrotik.

  • smashing magazine
    Wireless penetration testing

    Wireless access points can offer attackers a means to attack an infrastructure from a safe distance, often going undetected. Our wireless network testing and configuration review service aims to ensure that those wireless networks are securely implemented and offer a high level of security. The service includes wireless access point reviews, WLAN controller and client device reviews, site surveys and rogue access point sweeps.

  • smashing magazine
    SCADA and ICS testing

    Supervisory Control and Data Acquisition (SCADA) systems, also known as Industrial Control Systems (ICS), are commonly deployed within a range of industries including power production, manufacturing, water treatment and oil and gas. Our expert SCADA penetration testing team offers a comprehensive review of your SCADA/ICS system. This assessment can take on many forms, including reviews of relevant policies and procedures, architecture review, physical security assessment, infrastructure penetration testing, segregation testing and build review exercises.

  • smashing magazine
    Secure code view

    To ensure a ‘defence in depth’ approach to security for applications, we carry out source code reviews. A source code review service is a systematic examination of an application’s source code from both manual and automated perspectives. This ‘white box’ approach is intended to find and fix mistakes overlooked in the initial development phase, which may not always be possible to find with ‘grey box’ or ‘black box’ testing methodologies, improving both the overall quality of software and the developer's skills.

  • smashing magazine
    Virtualization testing

    More frequently, organizations are now moving their infrastructures to virtualized environments, both on-premises or hosted in the cloud. Often, those environments offer an unrestricted means of traversal into corporate environments. Therefore the security posture of virtualized environments can't be overlooked. We carry out a combination of build review and infrastructure testing of virtual environments or private clouds, on both commercial and restricted networks. Our experience includes key products such as VMware, Hyper-V as well as cloud service providers like Amazon and Google.

  • smashing magazine
    Stolen laptop reviews

    With many laptops or mobile devices being lost or stolen, we review devices to identify what information can be obtained if it falls into the wrong hands. This includes assessing whether the laptop can be compromised via boot methods, encryption bypassing and any information that can be used to further attack the company.

  • smashing magazine
    Gold image build reviews

    We can perform a detailed malware and forensic review of any master gold images that are used to deploy servers within the environment. This will ensure that the master image has not been infected or tampered with before it's pushed out and used.

  • smashing magazine
    Database reviews

    We can perform a detailed review of database servers focusing on permissions, versions and configurations on all major versions such as Microsoft SQL, MySQL, PostgreSQL, Oracle and MongoDB as well as others.

We use cookies in order to personalize the content and advertisements, to propose functions of connection with the social networks and to analyze the frequentation of our site. We also share information about your use of our site with our partners in the areas of social networking, advertising and analytics.You can manage your preferences in Cookie Settings. By using this website, you consent to the use of cookies. TISALABS Privacy Statement