Teceze’s managed penetration testing service is an effective and economical method of determining the security of your networks and web applications, enabling your organisation to identify the best way to protect its assets. For most organisations, it can be difficult to hire and retain the specialist staff necessary to perform the recommended annual or semi-annual penetration tests. Our expertise in complex networks and standards means we can offer a structured framework to help you achieve your development and compliance needs under one contract to meet your annual and bi-annual penetration testing requirements.
• Increase savings over time and insure procurement of your annual penetration testing requirements against any price fluctuations;
• Make budget planning easier with pre-scoped tests and transparent fixed pricing;
• Maintain compliance against standards and legislation where there is an annual penetration testing requirement;
• Save time in negotiations, hold-ups with the legal department and preparation for testing with one contract; and
• Better fit your testing requirements into the window between each development being completed and going live.
Our engagement process
Penetration testing programme development
Our CREST-accredited penetration testing consultants can help you develop your managed penetration testing requirements by developing a penetration testing programme that combines level 1 penetration testing of your estate and level 2 testing of your critical systems and assets to maximise value.
Before a test, our account management team will discuss your assessment requirements for your systems, networks or applications to define the scope of the individual test.
We will attempt to gather information about your organisation and how it operates. We will use automated scanning to identify potential security holes that could lead to your systems being compromised.
We will conduct manual tests (e.g. authentication bypass, brute-force attack, public exploits) to compromise your system environment and identify attack vectors for your wider network.
We will provide a detailed breakdown of all your results in an easily interpreted format based on the damage potential, reproducibility, exploitability, number of affected users and discoverability of each finding.
We can provide access to our testers and the raw test data to support and expedite remediation. We can also retest your systems so that you can be sure all identified issues have been successfully resolved.
A network penetration test aims to assess your network for vulnerabilities and security issues in servers, hosts, devices and network services.
This generally includes:
Identifying and assessing all Internet-facing assets a criminal hacker could use as potential entry points into your network;
Assessing the effectiveness of your firewalls and other intrusion-prevention systems; and
Establishing whether an unauthorised user with the same level of access as your customers and suppliers can gain access to your systems via the external network.
Clients will receive information about the identified vulnerabilities in a format that allows them to assess their relative business risk and the cost of remediation. This information can be used to resolve the vulnerabilities in line with the network owner’s budget and risk appetite.
Internal penetration testing assesses what an insider attack could accomplish. The target is typically the same as external penetration testing, but the major differentiator is the attacker either has some sort of authorised access or is starting from a point within the internal network.
An internal network test generally:
Tests from the perspective of both an authenticated and non-authenticated user to assess potential exploits;
Assesses the vulnerabilities that exist for systems that are accessible to authorised login IDs and that reside within the network; and
Checks for misconfigurations that would allow employees to access information and inadvertently leak it online.
Once identified, the vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. These can then be resolved in line with the network owner’s budget and risk appetite, inducing a proportionate response to cyber risks.
A web application penetration test aims to identify security issues resulting from insecure development practices in the design, coding and publishing of software or a website.
This generally includes:
Testing user authentication to verify that accounts cannot compromise data;
Assessing the web applications for flaws and vulnerabilities, such as XSS (cross-site scripting);
Confirming the secure configuration of web browsers and identifying features that can cause vulnerabilities; and
Safeguarding web server security and database server security.
The vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. These can then be resolved in line with the application owner’s budget and risk appetite, inducing a proportionate response to cyber risks.
Teceze’s simulated phishing attack aims to establish whether your employees are vulnerable to phishing emails, so you can take immediate action to improve your cyber security. This service gives you an independent assessment of employee susceptibility to phishing attacks and provides a benchmark for your security awareness campaigns. After completing the simulation, the results of the test can be shared with employees. As part of this feedback, Teceze has developed an e-learning module to help your staff understand how phishing attacks work, the tactics that cyber criminals employ to lure inattentive users, and how to spot and avoid a phishing campaign.
Educating your employees about how social engineering attacks are carried out, and implementing and maintaining appropriate security controls to mitigate them, is critical. Teceze’s social engineering penetration tests provide a basis on which to highlight issues with operating procedures and to develop targeted staff awareness training.
Our social engineering penetration test will help you:
Establish the publicly available information that an attacker could obtain about your organisation;
Evaluate how susceptible your employees are to social engineering attacks;
Determine the effectiveness of your information security policy and your cyber security controls at identifying and preventing social engineering attacks; and
Wireless networks are everywhere. Employing a wireless solution can offer greater flexibility, but it comes with greater potential for attack as it expands your organisation’s logical perimeter. From rogue access points to weak encryption algorithms, threats to wireless networks are unique and the risks can be significant.
Wi-Fi can provide opportunities for attackers to infiltrate an organisation’s secured environment – irrespective of security access controls. Penetration testing can help identify weaknesses in the wireless infrastructure.
Wireless network testing generally includes:
Identifying Wi-Fi networks, including wireless fingerprinting, information leakage and signal leakage;
Determining encryption weaknesses, such as encryption cracking, wireless sniffing and session hijacking;
Identifying opportunities to penetrate a network by using wireless or evading WLAN access control measures; and
Identifying legitimate users’ identities and credentials to access otherwise private networks and services.
Once identified, the vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. They can then be resolved in line with the network owner’s budget and risk appetite, helping them respond proportionately to cyber
The benefits of completing a wireless network penetration test
Get real-world insight into your vulnerabilities.
Detect default Wi-Fi routers.
Identify rogue or open access points.
Spot misconfigured or accidentally duplicated wireless networks.
Flag security vulnerabilities in Bluetooth technology.
Identify insecure wireless encryption standards (such as WEP).
• Our structured and proven approach provides tangible results at a competitive price.
Teceze uses a tailored approach to make sure our security testing meets the maturity and expectations of your business. Our fixed-cost packages are ideal for small and medium-sized organisations, or for those with no experience of penetration security testing. For organisations with more complex objectives, or that need a more detailed exploration of complex or sensitive environments, our technical services team can provide additional scoping support and pen testing expertise.
• Our team
Our technical services team includes highly skilled penetration testers who can test your system defences and websites for vulnerabilities, carry out exploits in a safe manner, and advise on appropriate mitigation measures to make sure that your systems are secure.
• We hold accreditation at individual levels
Our penetration tests are performed by industry-accredited security testers, who use their diverse knowledge of penetration and vulnerability testing and the associated security challenges to deliver accurate results.
• Practical solutions to help you meet your legal, regulatory and contractual requirements
Our expertise in standards such as the PCI-DSS, ISO 27001, the GDPR and ISO 9001 means we can offer an integrated approach and can develop suitable solutions that will help you to reduce your risks and ensure compliance with standards, frameworks, legislation and other business requirements.