Penetration Testing Services

Subverting external facing network and application firewalls is a key strategy to gaining access to high value targets. Network and Application firewalls are the gatekeepers to corporate networks and as such should be well configured and tested regularly.

These servers are normally serve up important business content to the public and clients, as such are prime targets for hackers. Compromising a web server can lead to exploiting back-end databases and other servers hosting sensitive data.

At the heart of every business’s IT network lies the Domain Name System (DNS). Translating domain names, or website addresses, into numerical machine-readable Internet Protocol (IP) addresses, it is known as the address book of the internet and, as such, is a mission-critical part of IT infrastructure for all organizations and one without which they cannot function. Testing DNS security is more critical than ever.

Compromised email servers can wreak havoc to any business, since email facilitates a critical business function for corporations, clients and partners. Email servers often transmit and contain company sensitive information that can introduce privacy, regulatory and reputational risks if exposed.

DMZ hosted servers are ever popular targets as they are internet accessible and may have connectivity to back-end applications and databases. Often being transactional systems facilitating payments or other processing of sensitive data. Hardening and testing these servers is critical, and often required at least annually, especially those in scope of PCI DSS processing or storing cardholder data.

Often facilitating remote access for employees, partners or vendors into internal networks resources, misconfiguration of access can lead to unauthorized access and the compromising of internal systems. Access can then be leveraged for malware and other attacks.

Internet-facing network devices are prime targets for hackers as these devices provide critical connectivity between public and private networks. They also serve as targets of denial of service attacks. Testing for the hardening of these devices is crucial to identify misconfigurations and ensure exploitable vulnerabilities are identified.