Third Eye Services

Systems Performance & Security Testing Specialists

 

Penetration Testing - Our Approach

We adopt the following approach to all of our penetration testing and security auditing projects:

  • Initial qualification and scoping: confirming the client's requirements and ensuring that all parties are clear about the content, objectives and planned outcomes of the proposed penetration test or security audit.
  • Detailed project planning: agreement of the exact content, format and level of confidentiality of the planned tests/audit and definition of the necessary escalation paths and authorisation for the tests/audit.
  • Test/audit phase: completion of this may be spread over a period of time and work is likely to be done externally and onsite.
  • Reporting: production and presentation of the final client report.

Our methodology varies according to the type of exercise; the sections below summarise the main activities we undertake.

External Penetration Testing

  • Remote scanning of publicly available URLs using a range of tools and manual processes to obtain information about the client’s systems.
  • Testing of mail servers, web servers, FTP servers, firewalls and external routers to identify vulnerabilities, and then attempting to use these to access the systems.
  • Testing of client systems via modem dial-up links to identify poorly protected systems, and then attempting to access these systems.
  • Remote scanning of wireless networks to identify weaknesses, and then attempting to use these vulnerabilities to access the client’s systems.

Internal Penetration Testing

  • Inventory scanning of client networks to identify all possible target systems/ports for subsequent testing.
  • Scanning of target systems/ports to identify potential vulnerabilities.
  • Exploitation of vulnerabilities to attempt to access the client’s systems.
  • Network sniffing to capture data that may assist in gaining access to systems.
  • Using data forensics techniques to try to capture data that may assist in gaining access to systems.
  • Password cracking to try to gain access with elevated privileges on target systems.

Security Auditing

  • Review of the client’s documented security policies and procedures, and investigation of how effectively these have been implemented.
  • Analysis of the core security configurations on the client’s systems to identify possible deficiencies.
  • Analysis of the version and patch levels of the operating systems and applications on the client’s key systems to identify potentially exposed systems.
  • Review of IT physical security in the client’s offices and IT environments.


© Third Eye Services 2007