Portcullis performs internal or external penetration tests based on the requirements of the client and whether the focus should be placed on external attackers or internal employees. The assessment follows a discover-investigate-exploit paradigm. Using a combination of scanning and enumeration techniques, the Test Team will identify the organisation’s profile and investigate each facet of it for weakness until a thorough picture of the most vulnerable components is identified.
By combining the experience of our security consultants with creative and critical thinking, our Team will attempt to exploit the identified weaknesses in order to ascertain the impact each vulnerability may have on a client’s system.
The amount of detailed information provided to our Team by the client prior to testing is discretionary. The minimum amount of information required is the organisation’s official name (registered company name in the case of a company) for a completely ‘blind’ (aka. zero-knowledge or black box) test. A similar ‘pseudo-blind’ test is possible by supplying the Test Team with a list of IP addresses or web application URLs of the targets.
Likewise ‘full knowledge or white box’ testing can be performed with greater cooperation from system engineers to include network diagrams, IP addresses, Firewall configuration information and the like. As a matter of course, any exposed systems that are inappropriate, otherwise unexpected or apparently unused will be flagged to the client.
If you would like more information on our pen testing services you can read through our testing pages on the right, download our testing brochure or if you would prefer to speak to somebody you can contact us directly via our contact page.