What is

Penetration Testing

Penetration testing, also referred to as pen testing, is a simulated real world attack on a network, application, or system that identifies vulnerabilities and weaknesses. Penetration tests (pen tests) are part of an industry recognised approach to identifying and quantifying risk. They actively attempt to ‘exploit’ vulnerabilities and exposures in a company’s infrastructure, applications, people and processes. Through exploitation, Condition Zebra is able to provide context around the vulnerability, impact, threat and the likelihood of a breach in an information asset.

It is frequently possible for a pen tester to gain remote access to operating systems, application logic and database records. Through active exploitation of direct and interconnected systems, Condition Zebra can provide strategic guidance on risk and tailored advice on counter measures.

does my organization need

Penetration Testing?

With threats constantly evolving, it’s recommended that every organisation commissions penetration testing at least once a year, but more frequently when:

 

Making significant changes to company infrastructure

Launching new products and services

Undergoing a business merger or acquisition

Preparing for compliance with data security standards

Utilising and/or developing custom applications

Our Penetration Testing Services Include But Are Not Limited To:

Network Penetration Testing (Internal and External)

Internal Penetration Testing is an authorised internal hacking attempt aimed at identifying and exploiting vulnerabilities within an organisation’s perimeter defences.

Testers are typically given onsite access through an Ethernet cable (similar to the way employees or contractors could connect to an internal environment). They then attempt to escalate privileges and gain access to critical information. 

For certain environments, such as data centres, we can supply specific jump posts that we use to test remotely via your organisation’s VPN access.

Benefits of Internal Penetration Testing:

  • Reduce risk to business continuity and the cost of being non-compliant
  • Ensure compliance with PCI DSS and other security standards
  • Harden your network against information leakage through current or terminated employees, or through data that may be available online
  • Detect installations which are non-compliant with your organisation’s internal policy, and which may serve as a pivot for external attackers
  • Provide management with a proof of exploit, which outlines the assets that an attack can compromise.
  • Avoid adding unnecessary security layers before receiving an independent attestation on the effectiveness of current systems
  • Detect known vulnerabilities and discover unknown vulnerabilities, which may be exploited to access privileged information
  • Audit security monitoring procedures and test your incident response tactics.

External Penetration Test is an authorised hacking attempt against an organisation’s internet facing servers such as web and email servers and ecommerce sites.

This test is aimed at hardening the external facing network against attackers attempting to compromise vulnerable hosts from outside an organisation’s perimeter.

Benefits of External Penetration Testing:

  • Reduce risk to business continuity and the cost of being non-compliant
  • Provide management with a proof of exploit, which outlines the assets that an attack can compromise
  • Avoid the costs of adding unnecessary security layers before receiving an independent attestation on the effectiveness of current systems 
  • Detect known vulnerabilities and discover unknown vulnerabilities which may be exploited to access privileged information
  • Audit external security monitoring procedures and test your incident response tactics
  • Detect installations which are non-compliant with your internal policy and which may serve as a pivot for external attackers
  • Harden systems and network against host compromise
  • Get independent security verification of your organisation’s internet facing presence 
Web Application Penetration Testing

A web application penetration test aims to identify security issues resulting from insecure development practices in the design, coding and publishing of software or a website.

A web applications test will generally include:

  • Testing user authentication to verify that accounts cannot compromise data;
  • Assessing the web applications for flaws and vulnerabilities, such as XSS (cross-site scripting);
  • Confirming the secure configuration of web browsers and identifying features that can cause vulnerabilities; and
  • Safeguarding web server security and database server security.

The vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. These can then be resolved in line with the application owner’s budget and risk appetite, inducing a proportionate response to cyber risks.

Thick Client Penetration Testing

A thick client, also known as Fat Client is a client in client–server architecture or network and typically provides rich functionality, independent of the server. In these types of applications, the major processing is done at the client side and involves only aperiodic connection to the server.

The most common thick clients are the three tiers where the applications talks to the application server via communication protocol such as HTTP/HTTPS.

 Application security assessments of web applications are comparatively easier than thick client application, as these are web based applications which can be intercepted easily and major processing takes place at the server side.

Since the thick client applications include both local and server side processing, it requires a different approach for security assessment. The type of web based vulnerabilities such as Cross Side Scripting and Clickjacking Attacks which are browser based vulnerabilities are no more applicable.

The critical vulnerabilities faced by thick client application such as sensitive data storage on files and registries, DLL, Process and File injection, Memory & Network Analysis are sample techniques utilized by Condition Zebra’s consultants in assessing thick client’s vulnerabilities.

Mobile Application Penetration Testing

A Mobile Application Penetration Test is an authorised and simulated hacking attempt against a native mobile application such as Android, Windows, and iOS. The purpose of this test is to identify and exploit vulnerabilities in an application, and the way it interacts and transfers data with the backend systems.

Wireless Penetration Testing

A Wireless Penetration test is an authorised hacking attempt, which is designed to detect and exploit vulnerabilities in security controls employed by a number of wireless technologies and standards, misconfigured access points, and weak security protocols. 

Benefits of Internal Penetration Testing:

  • Ensure Compliance with PCI DSS and other security standards
  • Audit security monitoring procedures and incident response tactics
  • Detect vulnerabilities, misconfigured wireless devices, and rogue access points
  • Reduce the risk and legal ramifications of a business breach 
  • Harden the wireless access path to your internal network
  • Get independent security verification – of encryption and authentication policies – for devices interacting with your wireless network
  • Prevent unauthorised use of your wireless network as a pivot for cyber attacks, which may be traced back to your organisation
  • Provide management with a proof of exploit, which outlines the assets that an attack can compromise; such as, compromising critical data or gaining administrative level rights over routers and switches

Database Penetration Testing

Database Vulnerability Assessments are integral to a systematic and proactive approach to database security. This form of penetration testing reduces the risk associated with both web- and database-specific attacks, and is often required for compliance with relevant standards, laws & regulations.

Benefits of Database Penetration Testing:

  • Quickly identify configuration errors, default settings, coding errors, and patch management issues in an automated manner in an economical fashion;
  • Capable of being run on automated, regular basis to provide baseline and ongoing vulnerability management metrics; and,
  • Can be used to focus other database assessment activities on those areas of greatest concern.
Host Assessment

A host assessment is a systematic review of security weaknesses in an information system. It evaluates if the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and whenever needed.

Benefits of Host Assessment:

  • Identify known security exposures before attackers find them.
  • Create an inventory of all the devices on the network, including purpose and system information. This also includes vulnerabilities associated with a specific device.
  • Create an inventory of all devices in the enterprise to help with the planning of upgrades and future assessments.
  • Define the level of risk that exists on the network.
  • Establish a business risk/benefit curve and optimize security investments

INFORMATION SECURITY SERVICES

Benefits of Network Penetration Testing

  • Fixing vulnerabilities before they are exploited by cybercriminals
  • Providing independent assurance of security controls
  • Improving awareness and understanding of cyber security risks
  • Supporting PCI DSS, ISO 27001 and GDPR compliance
  • Demonstrating a continuous commitment to security
  • Supplying the insight needed to prioritise future investments

about our penetration testing

Methodologies

Penetration testing is not just getting a vulnerability scanner to scan and compile the report. If you are looking for a vulnerability scanner or security assessment checklist, we are not the right service provider to you. We provide a unique penetration testing with a combination of vulnerability assessment technologies, standard penetration testing methodologies, and advanced manual testing by our penetration testers. We blend our research and real life experience in information security in our penetration testing methodologies to maintain high quality services.

Our Expert

With more than 10 years of experience in information security, our team has involved in various projects such as penetration testing, vulnerability assessment, digital forensic, security advisory and consultation. Furthermore, our security engineers and penetration testers eat, sleep, play and love security.

Comprehensive Report and Support

Unlike normal penetration testing report, we provide all necessary information and support that you need to understand and fix the vulnerability. Even after submitting the report to you, our penetration testing team will assist you in your vulnerability fixing and retest.

Affordable Pricing

Yes, penetration testing is an expensive service. In the meantime, we also understand the importance of penetration testing to our customer, and their limited annual information security budget. In order to achieve a win-win situation, we are offering our high-end penetration testing at a low and affordable price.

Proven Records

Over the years, we have been offering penetration testing services to various corporate & government agencies.

Ready to Secure Your Company IT Infrastructure?

OUR TEAMS ARE AVAILABLE to assist you
Get In Touch