Vulnerability Assessment & Penetration Testing

Determine your IT risk exposure and the effectiveness of your security controls.

Ntrust provide businesses with reassurance and can facilitate regulatory compliance by delivering a comprehensive range of vulnerability assessment and penetration testing services.

Regular assessment of your system’s vulnerabilities and testing of security controls will reveal how vulnerable your infrastructure is from an attacker’s perspective.

Depending on your organisation’s requirements, these services can be customised for specific scenarios, such as API and web applications, hosted infrastructure, internal LANs, and any other specific environment in which uptime is critical or where a compromise could place sensitive data at risk.

Assessment and Testing Objectives

Knowing your objectives for conducting a vulnerability assessment or penetration test will enable Ntrust to design an assessment or test that will best deliver on your requirements.

CONSIDER THE FOLLOWING POSSIBLE OBJECTIVES:

  • Is the assessment purely to meet regulatory or auditing requirements?
  • Has there been an attack on your systems and do you now require assurance that security gaps have been closed?
  • Has your organisation reached the next security maturity level, which necessitates more in-depth assessments and testing being done?
  • Do you have a new system that requires a level of security vetting before being implemented into production?

Who do you want to defend against?

Threats vary in sophistication, intensity and stealth – ranging from concerted efforts by governments to “script kiddies” experimenting with hacks.

Our vulnerability assessment and penetration testing will highlight at what risk your infrastructure is, and to what level your existing defences will protect you. For instance, will a “script kiddie” be capable of compromising your environment, or will compromise require the extensive resources and expertise of organised crime?

Assessments and tests to determine the level of protection required

Vulnerability Assessment

The objective here is to find as many vulnerabilities as are present in an environment, in order for them to be remediated – thereby rendering the client more secure. The assessment can be very broad or it may target a specific set of systems, such as web applications.

The assessment report provides a prioritised list of vulnerable areas. The client can then have these remediated.

Penetration Test

Each penetration test has a clear goal set as the deliverable. The test mimics the actions a hacker might take. The goal could be to obtain some defined confidential data, gain access to a particular system or even gain physical access. Penetration tests are ideally suited to organisations with high security maturity.

These organisations may have complete trust in their existing defences. Penetration tests allow for the validation or disproof of the efficiencies of these defences.

Social Engineering Assessment

Organisations often overlook this attack vector (or path of attack). Social engineering can be very effective and crippling. Most breaches today include elements of social engineering as part of the attack. Phishing is the most prevalent type, but there are many other forms of social engineering.

A social engineering assessment will provide your organisation with insight into how vulnerable it may be to social engineering attacks.

Physical Penetration Testing

Physical security is often overlooked as a component of data and system security in today’s technological world. While frequently forgotten, it is no less critical than timely patches, appropriate password policies, and proper user permissions. An organisation can have the most hardened servers and network but that doesn’t make the slightest difference if someone can gain direct access to a keyboard or, worse yet, march hardware right out the door.

Web Application Assessment

Web applications are a common attack vector (or path of attack). More often than not these applications are vulnerable in one way or another. Most web application design briefs do not include security as part of the specifications. Instead they focus on ease of use, development timelines and features. This leaves most applications vulnerable.

Ntrust’s assessments identify weaknesses in web applications and APIs, in order for these to be secured.

Wireless Network Security Assessment

Most wireless network security mechanisms can be breached in a matter of minutes, allowing hackers to access the network.

A wireless network assessment by Ntrust will provide an organisation with insight into the level of risk exposure its wireless network introduces to the organisation’s infrastructure.

Get in touch and gain insight into your vulnerability state