Penetration Testing

Our experienced team regularly organises penetration tests for our clients. Penetration testing forms an essential component of ISO 27001 accreditation, GDPR compliance, and PCI DSS, which are some of our core services. We understand how important it is for your organisation to have peace of mind about the security of your IT infrastructure.

"Identifying the risks before somebody else does"

External Penetration Tests

External network penetration tests identify any potential vulnerabilities that could allow a hacker access to your systems. Such vulnerabilities may include poor hardware configurations, ineffective system configuration, weak security system controls, or poor design and coding standards.

Findings could include the discovery of weak passwords, unpatched or poorly configured systems, the location of malware, or insecure confidential data.


  • Identifies existing effective network security, such as intrusion detection and prevention systems, implemented application defences, and firewalls
  • Meets industry compliance
  • Tests your organisation’s incident response capabilities
  • Tests your organisation’s external monitoring
  • Provides organisational security awareness
  • Identifies insufficient access controls
  • Results in protection from external threats

Internal Penetration Tests

Kindus’ internal network penetration tests focus on the threats that your organisation faces from the inside. This could range from staff accidentally deleting or damaging data, to deliberately trying to steal information or compromise your systems. As staff typically have greater permissions than an outside agent, the internal network is where your organisation is most vulnerable.

Our penetration tests check for misconfigurations in networks and web applications, for example in error handling and configuration management, that would allow access to sensitive information. Our penetration tests can also identify information exposed to an unauthorised user who has network-level access to your organisation’s IT environment.


  • Identifies existing effective internal network security
  • Tests your organisation’s internal monitoring and incident response capabilities
  • Identifies improvement areas to achieve adequate security
  • Develops long-term strategic solutions to prevent weaknesses from recurring
  • Meets industry compliance
  • Provides organisational security awareness
  • Results in protection from internal threats and prevents the misuse of internal user privileges


Kindus’ phishing penetration tests will establish how susceptible your employees are to phishing emails, and whether you need to provide more training and awareness. Phishing is particularly dangerous because it relies on the willingness of employees. Whilst plenty of time and resources are generally dedicated to cyber security, it only takes one employee falling victim to a phishing attack to compromise an organisation’s data.

Our penetration tests will give you an independent assessment of employee vulnerability. Should your employees demonstrate weaknesses, we have vast experience in staff training through online modules to heighten awareness of how phishing attacks function.


  • Reduce the risk of scams and the spread of malware
  • Understand how a phishing attack can impact your organisation
  • Justify committing resources to hardening defence systems
  • Test the effectiveness of log management and correlation tools
  • Test the scanning of inbound and outbound communications
  • Close the path of advanced malware to your systems

Web Application

Kindus’ web application penetration tests mitigate the risk of your website becoming a target of cyber criminals. As web applications and services become ever more elaborate, they have become a more attractive target for cyber criminals.

Cyber criminals will seek to compromise your organisation’s site by attacking vulnerable web application deployments. It is simply not enough to rely on traditional firewalls and other security controls as they cannot defend against or alert you to attack vectors specific to web applications.

By focusing on input validation and identifying weak passwords and poorly implemented access controls, our penetration tests will ensure your organisation’s website is not vulnerable to cyber criminals.


  • Tests your organisation’s incident response capabilities
  • Tests your organisation’s monitoring
  • Meets industry compliance
  • Non-intrusive
  • Unbiased testing – firm boundary between tester and developer
  • Combined benefit of White-Box and Black-Box testing
  • Results in protection from threats and prevents the misuse of web user privileges


Kindus’ wireless network penetration tests ensure that your business is not susceptible to cyber attacks via the WLAN. With wireless networks now a standard in any organisation, the threat is much greater than with a wired network. Wireless networks expand your organisation’s logical perimeter, and threats can consist of anything from rogue access points to weak encryption algorithms.

Cyber criminals can use rogue access points to record wireless network traffic, enabling them to gather information such as logins, passwords, and intranet server addresses, steal Internet bandwidth, transmit spam or use your network to attack others. Our penetration tests can minimise these threats by determining the vulnerable access points of your organisation.

The benefits:

  • Detect vulnerabilities, rogue access points and misconfigured wireless devices
  • Ensure compliance with PCI DSS and other standards
  • Harden the wireless access path to your internal network
  • Audit security monitoring procedures and incident response tactics
  • Provide management with a proof of exploit, outlining assets that an attack can compromise
  • Reduce the risk and legal ramifications of a business breach
  • Prevent unauthorised use of your organisation’s wireless network as a base for launching cyber attacks