+44 (0) 1189 255 084

Our Service

What we offer

  • Security-cleared penetration testing experts who can conduct an independent assessment of your critical applications and infrastructure, to ensure you are protecting your critical assets appropriately.
  • We ensure you understand what is required, through detailed remediation guidance, so that you achieve the appropriate level of assurance.
  • Before commencing any testing we complete a scoping exercise, which ensures you are provided with the appropriate testing methodology prior to agreeing any services.  This ensures you get the right level of testing and a cost-effective approach.

Our testers

Our testers all possess industry-recognised technical certifications such as CEH, CREST and Tiger, which ensures that testing is conducted by an experienced expert.

Available Services

Infrastructure Penetration Testing is a methodology that involves evaluating the security of an organisation's systems and/or network to ensure they are designed, configured and managed in a manner that protects your critical assets against a malicious attack.

Vulnerabilities need to be understood, prioritised and addressed to ensure adequate protection against a data breach and the subsequent negative impact that this can have on any organisation.

Organisations need to ensure that all vulnerabilities which may affect their network and infrastructure environments are identified and prioritised, and that appropriate solutions are applied to resolve them. The effect of a lapse in security on a company's name can be detrimental.

We use industry leading tools and techniques to security test your infrastructure and provide a comprehensive report that details how a malicious attack could be conducted and how to remediate before the bad guys get the opportunity.

Typically this could include testing perimeter network devices, VPNs, Remote Access Gateways, Domain Controllers and Mail, Application, Web and Database Servers.

This testing can be conducted on or off customer premises, dependent on requirements.  Testing can be completed under a White Box methodology, where the tester has knowledge and internal credentials of the customer, or a Black Box methodology, whereby the tester has no credentials and only uses publicly accessible information to mount an attack.  Often testing is done under a mixture of these methods, but that is based on client requirements.

Web Applications have become critical to organisations across the world, enabling businesses to reach out to the global consumer and operate internationally with ease.  They are also the public face of a company and sometimes the first point of contact a customer has with the organisation.  It is therefore essential that these applications are adequately tested against malicious actors, whether that is to assure the protection of personal and/or sensitive data or to ensure your websites stay up and running.

At Bridewell Consulting our Application Penetration Test focuses on vulnerabilities such as those identified in the Open Web Application Security Project (OWASP) framework, as well as a number of carefully selected industry sources.  This ensures we identify a web application’s weaknesses before a malicious attacker finds them.

This testing can be conducted on or off customer premises, dependent on requirements.  Testing can be completed under a White Box methodology, where the tester has knowledge and internal credentials of the customer, or a Black Box methodology, whereby the tester has no credentials and only uses publicly accessible information to mount an attack.  Often testing is done under a mixture of these methods, but that is based on client requirements.

Many areas and techniques are covered when conducting an Application Penetration Test, such as passive information gathering, session management, configuration reviews, authentication mechanisms and data validation controls.

Smart phones are increasingly becoming an enabler for organisations to operate effectively within every location.  Mobiles now need to be considered a key access point to an organisation's environment, as hackers are also shifting their attention to mobiles.

If a mobile application plays a significant part in your organisation’s strategy, then our Mobile Application Security Test is a necessity.

In order to employ a consistent approach to testing, Bridewell Consulting use the OWASP Mobile Top 10 as a testing framework, along with carefully selected industry sources.  Our testing identifies application vulnerabilities, whether as a registered user or an unregistered user with no access.

We don’t just leave you to worry about what we’ve identified. We provide you with the best remediation advice and can oversee that process to ensure your organisation has the right level of assurance that its key mobile applications are operating securely.

Wireless networking under the 802.11 standard is inherently insecure.  We can help your organisation assess the security posture of your wireless infrastructure and supporting procedures.

We’ll conduct testing, identify security issues and assess the reliability of your wireless network infrastructure.

This can include specific types of tests or a combination of tests, such as:
•  Wireless Man-in-the-Middle Attack Testing
•  Wireless Distributed Denial of Service (DDoS) Attack Testing
•  Bluetooth Attack Testing
•  Wireless Authentication & Encryption Attack Testing
•  Wireless Configuration Tests

This testing is primarily conducted on client premises and can be performed at any time to suit client requirements.  At the end of the testing you will also receive detailed remediation guidance, providing you with a roadmap to improving your wireless security.

Social Engineering is one of the most overlooked forms of security testing in organisations to date.

We use the Social Engineering Framework to test an organisation’s security policies and procedures to see if they are widely understood across the organisation and more importantly are being adhered to.

Social engineering is defined as “any act that influences a person to take an action that may or may not be in their best interest.” Although we tend to focus on the malicious forms of Social Engineering, it is important to understand the psychological, physiological, and technological aspects of influencing a person in general. The same principles that are used in the positive sense can also be used maliciously.

We can work with you to develop a covert project activity that will test your organisation and employees.  Employees often think they are being helpful and disclose sensitive information, or automatically assume a level of trust when dealing with people by telephone and/or email.  Through a range of tests we can identify operational weaknesses and help you improve your organisational practices.

A Red Team Exercise is an all-out attempt to gain access to a system by any means necessary, and usually includes cyber penetration testing, physical breach, testing all phone lines for modem access, testing all wireless for potential access, and also testing employees through several scripted social engineering and phishing tests.

These are real-life exercises carried out by a small, elite team of trained professionals who are hired to test the physical, cyber security and social defenses of a particular system.

Clients are not always in control of all aspects of the security of their systems, whether through outsourcing physical security or cyber security monitoring, or through using contractors and outside firms to secure IT systems.

Since all it takes is the weakest link for a security breach to occur, it is important to test all facets of a security program to determine where the breaking points exist. For this reason, we advocate using a Red Team Exercise to mimic the same process that a motivated attacker would follow to map out an organisation’s infrastructure, perform reconnaissance at key physical installations, and then test the physical, cyber, and social defenses all at once through a staged exercise.

We have the resources, methodology, and experience to perform these tests in a safe manner that does not impose any operational risk on our clients.

Get in touch

to find out more about Penetration Testing
