Penetration Testing
Learn exactly how vulnerable your most critical assets are to cyber attacks
Organisations do all they can to protect their critical cyber assets, but they don’t always systematically test their defences. Penetration Testing from Secur Consulting helps you strengthen your security for those assets by pinpointing vulnerabilities and misconfigurations in your security systems.
Penetration Testing Overview
Secur security experts simulate the tactics, techniques and procedures (TTPs) of real-world attackers targeting your high-risk cyber assets. Our deep knowledge of advanced persistent threat (APT) attacker behaviour can help you:
- Determine whether your critical data is actually at risk
- Identify and mitigate complex security vulnerabilities before an attacker exploits them
- Gain insight into attacker motivations and targets
- Get quantitative results that help measure the risk associated with your critical assets
- Identify and mitigate vulnerabilities and misconfigurations that could lead to future compromise
What you get
- High level executive summary report
- Technical documentation that allows you to recreate our findings
- Fact-based risk analysis to validate results
- Tactical recommendations for immediate improvement
- Strategic recommendations for long-term improvement
Penetration tests conducted by Secur Consultants are customized to your environment; no two assessments are ever the same. A wide variety of penetration testing options are available, with each option providing information that can dramatically improve security in your organisation.
External Penetration Tests
Identify and exploit vulnerabilities on systems, services and applications exposed to the Internet
Benefits
Understand risk to assets exposed to the internet.
Internal Penetration Tests
Emulate a malicious insider or an attacker that has gained access to an end user's system, including escalating privileges, installing custom crafted malware and/or exfiltrating faux critical data.
Benefits
Understand risk to business from a breach.
Web Application Assessments
Comprehensively assess web or mobile applications for vulnerabilities that can lead to unauthorized access or data exposure
Benefits
Understand the security of applications that broker access to critical data.
Mobiles Application Assessments
Comprehensively assess the security of mobile devices and installed applications
Benefit
Understand risk introduced to your organisation through newly developed mobiles applications or company-issued cell phones
Social Engineering Services
Assess security awareness and general security controls with respect to human manipulation, including email, phone calls, media drops, and physical access
Benefits
Understand how your organisation reacts to exploitation of human beings
Wireless Technology Assessment
Assess the security of your deployed wireless solution, be it an 802.x, Bluetooth, zigbee, or others
Benefits
Understand how to secure your data in transit and systems communicating via wireless technology actually are.
Embedded Device and Internet of Things (IoT) Assessments
Assess the security of your device by attempting to exploit the embedded firmware, control the device by passing or injecting unsolicited malicious commands, or modify data sent from the device.
Benefits
Understand the security of your device and your ability to guarantee that the commands issued to and information received from it are legitimate.
ICS Penetration Testing
Combine penetration testing and exploitation experience with ICS expert knowledge to prove the extent an attacker can access, exploit or otherwise manipulate critical ICS/SCADA systems
Benefits
Understand the vulnerabilities in your ICS system before an attacker exploits them
Our approach
The penetration testing service applies a systematic approach to uncovering vulnerabilities that leave your critical assets at risk and is comprised of four steps: target reconnaissance, vulnerability enumeration, vulnerability exploitation and mission accomplishment.
- In target reconnaissance, Secur consultants gather information about your environment, including company systems, usernames, group memberships and applications.
- For vulnerability enumeration, Secur security professionals seek to identify your exploitable vulnerabilities and determine the best way to take advantage of them.
- In vulnerability exploitation, penetration testers attempt to realistically exploit the identified vulnerabilities using a combination of publicly available exploit code, commercial penetration testing tools and customized exploit code and tools.
- In mission accomplishment, Secur experts gain access to your internal environment. Tactics could include through the internet, by stealing data from segmented environments, or subverting a device with malicious commands.
Ready to get started?
Our security experts are standing by to help you with an incident or answer questions about our consulting and managed detection and response services.
Secur has a robust testing methodology that extends across infrastructure and application testing engagements. Although every penetration test is tailored to our clients’ individual needs, we follow the same proven methodology so as to maintain a consistent and reproducible set of results.
From a high level perspective, Secur’s infrastructure testing methodology is based around seven core phases:
- Phase 1: Scoping (Download the appropriate scoping form at the bottom of this page)
- Phase 2: Reconnaissance and Enumeration
- Phase 3: Mapping and Service Identification
- Phase 4: Vulnerability Analysis
- Phase 5: Service Exploitation
- Phase 6: Pivoting
- Phase 7: Reporting and Debrief
Learn more about Secur’s cybersecurity services:
Pricing
Service | Size/ Scope | Price |
Web Application Pen Test | Per Application | R 20 000.00 Including VAT |
Network Penetration Testing | 1 - 200 Users on the network | R 22 000.00. Including VAT |
Network Penetration Testing | 200 - 1000 Users on the network | R 136 000.00 Including VAT |
Mobile Application Penetration Testing | Per Mobile Application | R 28 000.00 Including VAT |
Code Review | Per Web/Mobile Application | R 25 000.00 Including VAT |
Scoping Forms
Click the below links to download the scoping forms