Penetration testing simulates an attacker attempting to gain access to a specified target server or application. Testing involves the use of automated testing tools as well as manual test methods to review the security from an external or internal perspective. Usual objectives during penetration testing projects are to review web application security, and the strength of perimeter devices.
Insomnia offers different types of penetration testing services, depending on your requirements, as well as our Red Team Testing service for a full perimeter review.
External Penetration Testing
Externally facing systems are constantly at risk of attack from the Internet. Newly developed applications, web sites and servers to be deployed should all be tested prior to making them publicly accessible to ensure the security of the network as a whole.
The team at Insomnia Security has years of experience in carrying out penetration tests against externally facing network devices, servers and web applications developed on all platforms, and can assure you of a high level of security after a review has been completed.
Internal Penetration Testing
It is common knowledge that a large number of information security attacks occur from within. By allowing Insomnia to step into the role of an employee, we are able to review the network from the inside to determine the security posture of the internal network.
Usually specific targets are set for the penetration testing, such as accounting/payroll/research systems, with the aim of gaining unauthorised access to the targets from various starting points.
- Attempted unauthorised access to applications, websites, user data, services or internal network devices
- Credential brute forcing and password guessing
- Researching previously undiscovered vulnerabilities
- Testing for all known web application vulnerabilities
- Vulnerability assessment and network service review
Increasing The Value Of Penetration Testing is a whitepaper, which explains how you as a customer can gain more value from penetration testing. The companion presentation can be downloaded from our releases section.
Full service descriptions, methodologies and sample reports are available upon request