Penetration testing simulates real-world scenarios of cyber-attacks on an organisation’s network, systems, or applications and assesses their vulnerability to compromise. This is usually carried out from the point of view of an external Internet-based attacker or by simulating a malicious insider.
As with a real attack, penetration tests begin with reconnaissance while scanning for specific vulnerabilities or oversights in systems’ configuration. If access is attained, the tester attempts to move laterally to gain access to other resources as well. Once the agreed goal of the test has been reached, the tester documents each stage of the exercise and any weaknesses uncovered.
Today’s networks and systems are an order of magnitude more complex than they were even a few years ago, which means that defending them has become hugely uncertain. Even the best-resourced organisations can’t see or anticipate every vulnerability. Penetration tests give clients a wealth of insights into where weaknesses lie, allowing fixes and countermeasures to be put in place before real attackers discover and exploit them. The test report delivered at the end of this process provides a critical baseline for the management of risk, including which fixes should be given a high priority. This helps organisations understand how they should plan security investments going forward.
A misconception is that only poorly managed systems and networks have vulnerabilities. In fact, systems and networks are so diverse and complex that they can inherently suffer from different types of weaknesses. Even among carefully secured infrastructures, the dynamic nature of modern environments means that new vulnerabilities can appear at any moment. Because simple oversights can have severe repercussions, what matters is to spot them before the adversaries do.
OBRELA Labs has a proven track record among customers with complex environments such as, but not limited to, financial services and banking, telecommunication providers, maritime (shore and vessel), healthcare, critical infrastructure, online retailers and insurance. Our penetration tests are carefully tailored to simulate scenarios that assume different attacker standpoints and levels of knowledge regarding the target.
The testing approach is goal-oriented and aims to demonstrate the maximum impact of a successful cyber-attack that could allow a third party to obtain unauthorized access to the data served by the target systems or applications.
Penetration testing is conducted using industry-leading tools and manual penetration testing techniques that aim to identify and exploit both known and unknown software flaws, misconfigurations and operational/control weaknesses while focusing on in-depth coverage.
Obrela Labs’ penetration testers hold a range of accreditations, including Offensive Security OSCP, CREST CPSA, CREST CRT and EC-Council CEH.