Network Penetration Test

share close

What is it?

A network-based penetration test is an objective-based security assessment of
your internet-facing services, or your internal network’s security posture.

A typical example of an objective could be:

  • Identify and exploit vulnerability in an internet-facing service, use it to gain access into an internal network, such as an office or a data centre, and access Personally Identifiable Information (PII) of customers or staff members
  • From a network connection in an office, identify and exploit any vulnerabilities in an internal network that could be used to compromise an internal system of importance, such as a finance or HR system

What is the output from this assessment?

A full technical report will include the following:

  • Executive Summary – explanation of the vulnerabilities encountered, the risk they pose to your organization, whether the objective was completed and recommendations of any remedial action that should be taken
  • Summary of Findings – a table of all vulnerabilities noted during the assessment, the vulnerability title, its risk rating, and the vulnerability’s current state
  • Detailed Findings:
    • The vulnerability’s risk rating
    • The system, URL or process that contains the vulnerability
    • How the vulnerability was exploited
    • The risk posed to the organization
    • Full technical details of how to replicate the vulnerability
    • Remediation advice
  • Appendices – vulnerability output that was noted in the engagement

When evaluating the overall risk rating for each vulnerability, the following factors will be considered:

  • Impact – the impact that exploitation of this vulnerability will have on the business or organization
  • Risk – the risk posed to the organization if this vulnerability is exploited
  • Likelihood – the likelihood that this vulnerability could be exploited

Each vulnerability will have a remediation recommendation, which will include either:

  • Official fix, such as a firmware upgrade for hardware, or a patch for a publicly disclosed vulnerability
  • When there is no official fix a workaround can be used
  • Process improvement for when exploitation of vulnerability is caused by a business process
Open chat
Can we help you?