We test Internet facing and internal applications for vulnerabilities that could adversely impact your business
We test mobile applications, supporting API's and corporate mobile security policies for vulnerabilities and misconfigurations that would put your business and your users at risk
We test infrastructure underpinning your applications and business operations including laptops, servers, kiosks and network devices for misconfigurations and vulnerabilities
Goal orientated testing
We attempt to evade your preventative and detective controls to demonstrate pre-agreed scenarios such as stealing intellectual property, customer information or gaining access to critical application systems
We test wireless server and client configurations and identify rogue access points inside your organisation perimeter
We assess susceptibility to external phishing attacks, a common method used by criminals to breach your perimeter defences
We assess the physical security controls around your sites such as RFID based access control systems and test if we can circumvent them
We perform a broad security check up that may identify areas of interest warranting closer inspection
Can we bypass the login mechanisms to gain unauthorised access to hosts, applications or data?
Can we access data of functions that should be reserved for another user?
Can sensitive data sent across the network be intercepted by a third party?
How does your application handle malformed or malicious input? Can we bypass controls through specially crafted attacks?
Can we circumvent the intended use, workflow or business processes of your application in ways that adversely affect your organisation?
Do your systems inadvertently disclose sensitive information?
Are there misconfigurations of oversights that would allow an attacker to obtain sensitive information or gain a foothold in to your organisation?
Are you using software components, libraries, modules or plugins that have publicly known exploitable vulnerabilities?