Penetration Testing
Penetration testing simulates an attacker attempting to gain access to a specified target server or application. Testing involves the use of automated testing tools as well as manual test methods to review the security from an external or internal perspective. Usual objectives during penetration testing projects are to review web application security, and the strength of perimeter devices.
External Penetration Testing
Externally facing systems are constantly at risk to attack from the Internet. Newly developed applications, web sites and servers to be deployed should all be tested prior to making them publically accessible to ensure the security of the network as a whole.
The team at Insomnia Security has years of experience in carrying out penetetration tests against externally facing network devices, servers and web applications developed on all platforms, and can assure you of a high level of security after a review has been completed.
Internal Penetration Testing
It is common knowledge that a large number of information security attacks occur from within. By allowing Insomnia to step into the role of an employee, we are able to review the network from the inside to determine the security posture of the internal network.
Usually specific targets are set for the pentration testing, such as accounting/payroll/research systems, with the aim of gaining unauthorised access to the targets from various starting points.
Review Includes
- Attempted unauthorised access to applications, websites, user data, services or internal network devices
- Credential brute forcing and password guessing
- Researching previously undiscovered vulnerabilities
- Testing for all known web application vulnerabilities
- Vulnerability assessment and network service review
Increasing The Value Of Penetration Testing is a whitepaper, which explains how you as a customer can gain more value from penetration testing. The companion presentation can be downloaded from our publications section.
Full service descriptions, methodologies and sample reports are available upon request
