A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may take the form of operating system, service and application flaws, improper configurations or risky end-user behaviour. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as end-user adherence to security policies.
Penetration testing is typically performed using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure. Once vulnerabilities have been successfully exploited on a particular system, testers may attempt to use the compromised system to launch subsequent exploits at other internal resources, specifically by trying to incrementally achieve higher levels of security clearance and deeper access to electronic assets and information via privilege escalation.
Information about any security vulnerabilities successfully exploited through penetration testing is typically aggregated and presented to IT and network system managers to help those professionals make strategic conclusions and prioritize related remediation efforts. The fundamental purpose of penetration testing is to measure the feasibility of systems or end-user compromise and evaluate any related consequences such incidents may have on the involved resources or operations.
Secur security experts simulate the tactics, techniques and procedures (TTPs) of real-world attackers targeting your high-risk cyber assets. Our deep knowledge of advanced persistent threat (APT) attacker behaviour can help you:
- Determine whether your critical data is actually at risk
- Identify and mitigate complex security vulnerabilities before an attacker exploits them
- Gain insight into attacker motivations and targets
- Get quantitative results that help measure the risk associated with your critical assets
- Identify and mitigate vulnerabilities and misconfigurations that could lead to future compromise
What you get
- High-level executive summary report
- Technical documentation that allows you to recreate our findings
- Fact-based risk analysis to validate results
- Tactical recommendations for immediate improvement
- Strategic recommendations for long-term improvement
Penetration tests conducted by Secur Consultants are customized to your environment; no two assessments are ever the same. A wide variety of penetration testing options are available, with each option providing information that can dramatically improve security in your organisation.
Which countries do we operate our Penetration Testing services in?
Secur is able to deliver Penetration Testing services across Africa, especially in South Africa, Nigeria, Rwanda, Botswana, Eswatini, Lesotho and Namibia.
Types of penetration testing
Different types of pen testing will focus on various aspects of your organisation’s logical perimeter. This boundary separates your network from the Internet.
External infrastructure (network) penetration tests
Internal infrastructure (network) penetration tests
An internal, or internal infrastructure, penetration test assesses what an insider attack could accomplish. An insider refers to anyone who has access to organisational applications, systems and data. This can include employees, contractors or partners.
Internal network test generally:
Wireless network penetration tests
If you use wireless technology, such as Wi-Fi, you should also consider wireless network penetration tests.
Web application (software) penetration tests
A web application penetration test aims to identify security vulnerabilities resulting from insecure development practices in the design, coding and publishing of software or a website.
Web app penetration tests will generally include:
The service is designed to rigorously push the defences of not only the app itself, but also the servers it interacts with. It is suitable for commissioning, third party assurance, post-attack analysis, audit and regulatory purposes where independence and quality of service are important requirements.
A final written report provides an analysis of any security or service problems discovered together with proposed solutions, links to detailed advisories and recommendations for improving the security of both the app and the web services it uses.
The Mobile App Security Testing service can be used to ensure compliance with PCI DSS requirement 11.3 (penetration testing), as it includes both network and application layer testing. Secur is a PCI Approved Scanning Vendor (PCI ASV).
Cloud Penetration Testing
Secur offers Cloud Penetration Testing services designed specifically for applications and databases running on (1) Amazon Web Services (AWS), (2) Google Cloud Platform (GCP) and (3) Microsoft Azure. Our cloud pen testing service addresses misconfiguration and incorrect implementation issues that may leave your cloud-hosted applications vulnerable to cyber attacks.
Our cloud security engineers understand this difference. We can help you secure your cloud-hosted apps against intrusion attempts by outsiders, in addition to minimizing configuration errors by insiders to prevent data leaks.
Secur’s Security Assessment provides full visibility into the actual state of signalling protection for SS7, Diameter and GTP. Test how well your security is performing and see what risks are lurking.
By knowing which attacks are successful, Secur’s Security Assessment is the key for building a management process to handle signalling vulnerabilities and keep your network and subscribers safe.
Secur has a robust testing methodology that extends across infrastructure and application testing engagements. Although every penetration test is tailored to our client’s individual needs, we follow the same proven methodology so as to maintain a consistent and reproducible set of results.
From a high-level perspective, Secur’s infrastructure testing methodology is based around seven core phases:
- Phase 1: Scoping
- Phase 2: Reconnaissance and Enumeration
- Phase 3: Mapping and Service Identification
- Phase 4: Vulnerability Analysis
- Phase 5: Service Exploitation
- Phase 6: Pivoting
- Phase 7: Reporting and Debrief
Our services meet the following standards: