Managed Penetration Testing

A network penetration test aims to assess your network for vulnerabilities and security issues in servers, hosts, devices and network services. 

 This generally includes: 

• Identifying and assessing all Internet-facing assets a criminal hacker could use as potential entry points into your network;
• Assessing the effectiveness of your firewalls and other intrusion-prevention systems; and
•  Establishing whether an unauthorised user with the same level of access as your customers and suppliers can gain access to your systems via the external network. 

Clients will receive information about the identified vulnerabilities in a format that allows them to assess their relative business risk and the cost of remediation. This information can be used to resolve the vulnerabilities in line with the network owner’s budget and risk appetite.

Internal penetration testing assesses what an insider attack could accomplish. The target is typically the same as external penetration testing, but the major differentiator is the attacker either has some sort of authorised access or is starting from a point within the internal network.

An internal network test generally:

• Tests from the perspective of both an authenticated and non-authenticated user to assess potential exploits;
• Assesses the vulnerabilities that exist for systems that are accessible to authorised login IDs and that reside within the network; and
• Checks for misconfigurations that would allow employees to access information and inadvertently leak it online.

Once identified, the vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. These can then be resolved in line with the network owner’s budget and risk appetite, inducing a proportionate response to cyber risks.

A web application penetration test aims to identify security issues resulting from insecure development practices in the design, coding and publishing of software or a website.

This generally includes:

• Testing user authentication to verify that accounts cannot compromise data;
• Assessing the web applications for flaws and vulnerabilities, such as XSS (cross-site scripting);
• Confirming the secure configuration of web browsers and identifying features that can cause vulnerabilities; and
• Safeguarding web server security and database server security.

The vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. These can then be resolved in line with the application owner’s budget and risk appetite, inducing a proportionate response to cyber risks

Teceze simulated phishing attack aims to establish whether your employees are vulnerable to phishing emails, so you can take immediate action to improve your cyber security. This service gives you an independent assessment of employee susceptibility to phishing attacks and provides a benchmark for your security awareness campaigns.
After completing the simulation, the results of the test can be shared with employees. As part of this feedback, Teceze has developed an e-learning module to help your staff understand how phishing attacks work, the tactics that cyber criminals employ to lure inattentive users, and how to spot and avoid a phishing campaign

Educating your employees about how social engineering attacks are carried out and implementing and maintaining appropriate security controls to mitigate them, is critical.
Teceze Social engineering penetration tests provide a basis on which to highlight issues with operating procedures and to develop targeted staff awareness training.

Our social engineering penetration test will help you:

• Establish the publicly available information that an attacker could obtain about your organisation;
• Evaluate how susceptible your employees are to social engineering attacks;
• Determine the effectiveness of your information security policy and your cyber security controls at identifying and preventing social engineering attacks; and
• Develop a targeted awareness training programme.

Wireless networks are everywhere. Employing a wireless solution can offer greater flexibility, but it comes with greater potential for the attack as it expands your organisation’s logical perimeter. From rogue access points to weak encryption algorithms, threats to wireless networks are unique and the risks can be significant.

Wi-Fi can provide opportunities for attackers to infiltrate an organisation’s secured environment – irrespective of security access controls. Penetration testing can help identify weaknesses in the wireless infrastructure.

Wireless network testing generally includes:

• Identifying Wi-Fi networks, including wireless fingerprinting, information leakage and signal leakage;
• Determining encryption weaknesses, such as encryption cracking, wireless sniffing and session hijacking;
• Identifying opportunities to penetrate a network by using wireless or evading WLAN access control measures; and
• Identifying legitimate users’ identities and credentials to access otherwise private networks and services.
• Once identified, the vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. They can then be resolved in line with the network owner’s budget and risk appetite, helping them respond proportionately to cyber

The benefits of completing a wireless network penetration test

• Get real-world insight into your vulnerabilities.
• Detect default Wi-Fi routers.
• Identify rogue or open access points.
• Spot misconfigured or accidentally duplicated wireless networks.
• Flag security vulnerabilities in Bluetooth technology.
• Identify insecure wireless encryption standards (such as WEP)