A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, services and applications, or arise from improper configurations or risky end-user behaviour. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as end-user adherence to security policies.

Penetration testing is typically performed using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure. Once vulnerabilities have been successfully exploited on a particular system, testers may attempt to use the compromised system to launch subsequent exploits at other internal resources, specifically by trying to incrementally achieve higher levels of security clearance and deeper access to electronic assets and information via privilege escalation.

Request a Quote: pentest@secur.co.za

Information about any security vulnerabilities successfully exploited through penetration testing is typically aggregated and presented to IT and network system managers to help those professionals make strategic conclusions and prioritize related remediation efforts. The fundamental purpose of penetration testing is to measure the feasibility of systems or end-user compromise and evaluate any related consequences such incidents may have on the involved resources or operations.


Secur security experts simulate the tactics, techniques and procedures (TTPs) of real-world attackers targeting your high-risk cyber assets. Our deep knowledge of advanced persistent threat (APT) attacker behaviour can help you:

  • Determine whether your critical data is actually at risk
  • Identify and mitigate complex security vulnerabilities before an attacker exploits them
  • Gain insight into attacker motivations and targets
  • Get quantitative results that help measure the risk associated with your critical assets
  • Identify and mitigate vulnerabilities and misconfigurations that could lead to future compromise

What you get

  • High-level executive summary report
  • Technical documentation that allows you to recreate our findings
  • Fact-based risk analysis to validate results
  • Tactical recommendations for immediate improvement
  • Strategic recommendations for long-term improvement

Penetration tests conducted by Secur Consultants are customized to your environment; no two assessments are ever the same. A wide variety of penetration testing options are available, with each option providing information that can dramatically improve security in your organisation.

Which countries do we operate our Penetration Testing services in?

Secur is able to deliver Penetration Testing services across Africa, especially in South Africa, Nigeria, Rwanda, Botswana, Eswatini, Lesotho and Namibia.

Types of penetration testing

Different types of pen testing will focus on various aspects of your organisation’s logical perimeter. This boundary separates your network from the Internet.

External infrastructure (network) penetration tests

An external network penetration test assesses your network for vulnerabilities and security issues in servers, hosts, devices and network services. External penetration testing will:

  • Identify and assess all Internet-facing assets a criminal hacker could use as potential entry points into your network.
  • Evaluate the effectiveness of your firewalls and other intrusion-prevention systems.
  • Establish whether an unauthorised user with the same level of access as your customers and suppliers can access your systems via the external network.

Internal infrastructure (network) penetration tests

An internal network penetration test, or internal infrastructure penetration test, assesses what an insider attack could accomplish. An insider refers to anyone who has access to organisational applications, systems and data. This can include employees, contractors or partners.

Internal network tests generally:

  • Tests from the perspective of both an authenticated and non-authenticated user to assess potential exploits;
  • Assesses the vulnerabilities that exist for systems that are accessible to authorised login IDs and that reside within the network; and
  • Checks for misconfigurations that would allow employees to access information and inadvertently leak it online.

Wireless network penetration tests

If you use wireless technology, such as Wi-Fi, you should also consider wireless network penetration tests.

These include:

  • Identifying Wi-Fi networks, including wireless fingerprinting, information leakage and signal leakage;
  • Determining encryption weaknesses, such as encryption cracking, wireless sniffing and session hijacking;
  • Identifying opportunities to penetrate a network by using wireless or evading WLAN access control measures; and
  • Identifying legitimate users’ identities and credentials to access otherwise private networks and services.

Web application (software) penetration tests

A web application penetration test aims to identify security vulnerabilities resulting from insecure development practices in the design, coding and publishing of software or a website.

Web app penetration tests will generally include:

  • Testing user authentication to verify that accounts cannot compromise data;
  • Assessing the web applications for flaws and vulnerabilities, such as XSS (cross-site scripting);
  • Confirming the secure configuration of web browsers and identifying features that can cause vulnerabilities; and
  • Safeguarding web server security and database server security.

Specialised Pentests

Mobile App Security Testing

The service is designed to rigorously push the defences of not only the app itself, but also the servers it interacts with. It is suitable for commissioning, third party assurance, post-attack analysis, audit and regulatory purposes where independence and quality of service are important requirements.

A final written report provides an analysis of any security or service problems discovered together with proposed solutions, links to detailed advisories and recommendations for improving the security of both the app and the web services it uses.

The Mobile App Security Testing service can be used to ensure compliance with PCI DSS requirement 11.3 (penetration testing), as it includes both network and application layer testing. Secur is a PCI Approved Scanning Vendor (PCI ASV).

Cloud Penetration Testing

Secur offers Cloud Penetration Testing services designed specifically for applications and databases running on (1) Amazon Web Services (AWS), (2) Google Cloud Platform (GCP) and (3) Microsoft Azure. Our cloud pen testing service addresses misconfiguration and incorrect implementation issues that may leave your cloud-hosted applications vulnerable to cyber attacks.

Our cloud security engineers understand this difference. We can help you secure your cloud-hosted apps against intrusion attempts by outsiders, in addition to minimizing configuration errors by insiders to prevent data leaks.

Telecom Security Assessment

Secur’s Security Assessment provides full visibility into the actual state of signalling protection for SS7, Diameter and GTP. Test how well your security is performing and see what risks are lurking.

By showing you which attacks are successful, Secur’s Security Assessment is the key to building a management process to handle signalling vulnerabilities and keep your network and subscribers safe.


Ready to get started?

Our security experts are standing by to help you with an incident or answer questions about our consulting and managed detection and response services.

Secur has a robust testing methodology that extends across infrastructure and application testing engagements. Although every penetration test is tailored to our client’s individual needs, we follow the same proven methodology so as to maintain a consistent and reproducible set of results.

From a high-level perspective, Secur’s infrastructure testing methodology is based around seven core phases:

  • Phase 1: Scoping
  • Phase 2: Reconnaissance and Enumeration
  • Phase 3: Mapping and Service Identification
  • Phase 4: Vulnerability Analysis
  • Phase 5: Service Exploitation
  • Phase 6: Pivoting
  • Phase 7: Reporting and Debrief



Get in Touch

+27 (0) 11-881-5943