A Penetration Test is a simulation of an attack on your business systems, process or people. We simulate attacking your digital, physical and human systems to identify security holes. Penetration testing provides IT management with a view of their network from a malicious point of view. The goal is that the penetration tester will find ways into the network so that they can be fixed before someone with less than honorable intentions discovers the same holes.
T4S performs internal or external penetration tests based on the requirements of the client and whether the focus should be placed on external attackers or internal employees. The assessment follows a discover-investigate-exploit paradigm. Using a combination of scanning and enumeration techniques, the Test Team will identify the organization's profile and investigate each facet of it for weakness until a thorough picture of the most vulnerable components is identified.
By combining the experience of our security consultants with creative and critical thinking, our Team will attempt to exploit the identified weaknesses in order to ascertain the impact each vulnerability may have on a client's system.
The amount of detailed information provided to our Team by the client prior to testing is discretionary. The minimum amount of information required is the organization's official name (registered company name in the case of a company) for a completely ‘blind' (aka. zero-knowledge or black box) test. A similar ‘pseudo-blind' test is possible by supplying the Test Team with a list of IP addresses or web application URLs of the targets.
Likewise ‘full knowledge or white box' testing can be performed with greater cooperation from system engineers to include network diagrams, IP addresses, Firewall configuration information and the like. As a matter of course, any exposed systems that are inappropriate, otherwise unexpected or apparently unused will be flagged to the client.