Our Service

What is Penetration Testing?

Penetration testing, also known as pen testing, is the practice of actively trying to uncover and exploit vulnerabilities within a business’s cyber-security system. Ethical hackers test all elements of the infrastructure, from servers and routers to switches, firewalls and endpoints such as PCs and laptops. Pen testing enables organisations to understand the security of their network from an internal and external perspective, and involves multiple manual and automated enumeration techniques to systematically compromise the systems in scope and establish the current landscape.

What we offer

  • Security-cleared, CREST-certified penetration testing experts who can conduct an independent assessment of your critical applications and infrastructure via network penetration tests, to ensure you are protecting your critical assets appropriately and identifying vulnerabilities.
  • We ensure you understand what is required through detailed remediation guidance, so that you achieve the appropriate assurance.
  • Before commencing any testing we complete a scoping exercise, which ensures you are provided with the appropriate testing methodology prior to agreeing any services. This ensures you get the right level of testing and a cost-effective approach.
  • Different Types of Penetration Tests & Awareness Training

Our Pen Testers

Our testers all possess industry-recognised technical certifications such as CEH, CREST and Tiger, which ensures that testing is conducted by an experienced security expert.

Available CREST-Accredited Penetration Testing Services

Infrastructure Penetration Testing is a methodology that involves evaluating the security of an organisation’s systems and/or network to ensure they are designed, configured and managed in a manner that protects your critical assets against a malicious attack. You only have to read the news to understand that the cyber threat is ever present and comes in many forms, such as phishing or ransomware attacks.

Through vulnerability analysis and threat intelligence, security weaknesses need to be understood, prioritised and addressed to ensure adequate protection against a data breach and the subsequent negative impact that this can have on any organisation.

Aside from assessing incident response, organisations need to ensure that all vulnerabilities which may affect their network and infrastructure environments are identified and prioritised, and that appropriate managed detection and response solutions are in place to address them. The effect of a lapse in security on a company’s name can be detrimental.

As a leading testing provider, our security consultants use industry-leading vulnerability scanning tools and techniques to security test your infrastructure and provide a comprehensive report that details how a malicious attack could be conducted and how to remediate before the bad guys get the opportunity.

Typically, this could relate to things such as testing perimeter network devices, VPNs, Remote Access Gateways, Domain Controllers and Mail, Application, Web and Database Servers.

This testing can be conducted on or off a customer’s premises, dependent on requirements. Testing can be completed under a White Box methodology, where the tester has knowledge and internal credentials of the customer, or a Black Box methodology, whereby the tester has no credentials and only uses publicly accessible information to mount an attack. Often testing is done under a mixture of these methods, but that is based on client requirements.

Web Applications have become critical to organisations across the world, enabling businesses to reach out to the global consumer and operate internationally with ease. They are also the public face of a company and sometimes the first point of contact a customer has with the organisation. It is therefore essential that these applications are adequately tested against malicious actors, whether that is to assure the protection of personal and/or sensitive data or to ensure your website stays up and running.

At Bridewell Consulting, our Application Penetration Test focuses on vulnerabilities identified by frameworks such as the Open Web Application Security Project (OWASP), as well as a number of carefully selected industry sources. This ensures we identify a web application’s weaknesses before a malicious attacker finds them.

This testing can be conducted on or off a customer’s premises, dependent on requirements. Testing can be completed under a White Box methodology, where the tester has knowledge and internal credentials of the customer, or a Black Box methodology, whereby the tester has no credentials and only uses publicly accessible information to mount an attack. Often testing is done under a mixture of these methods, but that is based on client requirements.

Many areas and techniques are covered when conducting an Application Penetration Test, such as passive information gathering, session management, configuration reviews, authentication mechanisms and data validation controls.

Smartphones are increasingly becoming an enabler for organisations to operate effectively in every location. Mobiles now need to be considered a key access point to an organisation’s environment, as hackers are also shifting their attention to mobiles.

If a mobile application plays a significant part in your organisation’s strategy, then our Mobile Application penetration testing is a necessity.

In order to employ a consistent approach to testing, Bridewell Consulting uses the Mobile OWASP Top 10 as a testing framework, alongside carefully selected industry sources. Our testing identifies application vulnerabilities, whether as a registered user or as an unregistered user with no access.

We don’t just leave you to worry about what we’ve identified; we provide you with the best remediation advice and can oversee that process to ensure your organisation has the right level of assurance that its key mobile applications are operating securely.

Wireless security under the 802.11 standard is inherently insecure. Our penetration testers can help your organisation assess the security posture of your wireless infrastructure and supporting procedures.

We’ll conduct testing, identify security issues and assess the reliability of your wireless network infrastructure.

This can include specific types of tests or a combination of testing, such as:
•  Wireless Man-in-the-Middle Attack Testing
•  Wireless Distributed Denial of Service (DDoS) Attack Testing
•  Bluetooth Attack Testing
•  Wireless Authentication & Encryption Attack Testing
•  Wireless Configuration Tests

These types of wireless network penetration tests are primarily conducted on client premises and can be performed at any time to suit client requirements. At the end of the wireless tests you will also receive detailed remediation guidance, providing you with a roadmap to improving your wireless security.

Social Engineering is one of the most overlooked forms of security testing in organisations to date.

We use the Social Engineering Framework to test an organisation’s security policies and procedures, to see whether they are widely understood across the organisation and, more importantly, are being adhered to.

We can work with you to develop a covert project activity that will test your organisation and employees. Employees often think they are being helpful when they disclose sensitive information, or automatically assume a level of trust when dealing with people by telephone and/or email. Through a range of social engineering penetration tests we can identify operational weaknesses and help you improve your organisational practices.

A Red Team Exercise is an all-out attempt to gain access to a system by any means necessary, and usually includes cyber penetration testing, physical breach, testing all phone lines for modem access, testing all wireless for potential access, and also testing employees through several scripted social engineering and phishing tests.

These are real-life exercises carried out by a small, elite team of trained professionals who are hired to test the physical, cyber security, and social defenses of a particular system.

Clients are not always in control of all aspects of the security of their systems, whether through outsourcing physical security, managed security, cyber security monitoring or secure configuration of infrastructure, or even using contractors and outside firms to secure IT systems.

Since all it takes is the weakest link for a security breach to occur, it is important to test all facets of a security program to determine where the breaking points exist. For this reason, we advocate using a Red Team Exercise to mimic the same process that a motivated attacker would follow to map out an organisation’s infrastructure, perform reconnaissance at key physical installations, and then test the physical, cyber, and social defenses all at once through a staged exercise.

We have the resources, methodology, and experience to perform these tests in a safe manner that does not impose any operational risk on our clients.