Penetration Testing

What is penetration testing?

Penetration testing simulates real-world scenarios of cyber-attacks to an organisation’s network, systems, or applications and assesses their vulnerability to compromise. This is usually carried out from the point of view of an external Internet-based attacker or by simulating a malicious insider.

As with a real attack, penetration tests begin with reconnaissance while scanning for specific vulnerabilities or oversights in systems’ configuration. If access is attained, the tester attempts to move laterally to gain access to other resources as well. Once the agreed goal of the test has been reached, the tester documents each stage of the exercise and any weaknesses uncovered.

Why testing matters

Today’s networks and systems are an order of magnitude more complex than they were even a few years ago, which means that defending them has become hugely uncertain. Even the best-resourced organisations can’t see or anticipate every vulnerability. Penetration tests give clients a wealth of insights into where weaknesses lie, allowing fixes and countermeasures to be put in place before real attackers discover and exploit them. The test report delivered at the end of this process provides a critical baseline for the management of risk, including which fixes should be given a high priority. This helps organisations understand how they should plan security investments going forward.

A misconception is that only poorly managed systems and networks have vulnerabilities. In fact, systems and networks are so diverse and complex that can inherently suffer from different types of weaknesses. Even among carefully secured infrastructures, the dynamic nature of modern environments means that new vulnerabilities can appear at any moment. Because, simple oversights can have severe repercussions, what matters is to spot them before the adversaries do.

Our penetration testing service

OBRELA Labs has a proven track record among customers with complex environments such as, but not limited to, financial services and banking, telecommunication providers, maritime (shore and vessel), healthcare, critical infrastructure, online retailers, insurance. Our penetration tests are carefully tailored to simulate scenarios that assume different attacker’s standpoints and levels of knowledge regarding the target.

The testing approach is goal oriented and aims to demonstrate the maximum impact of a successful cyber attack that could allow a third party to obtain unauthorized access to the data served by the target systems or applications.

Objectives of a penetration test:

• Discover and exploit security weaknesses on the target networks/systems/applications
• Identify synergies among the exploited weaknesses aiming to amplify the impact of the attack
• Identify the level of technical risk associated with these weaknesses
• Recommend countermeasures to negate these weaknesses or mitigate the associated risk

The penetration testing is conducted using industry-leading tools and manual penetration testing techniques that aim to identify and exploit both known and unknown software flaws, misconfigurations and operational/control weaknesses while focusing on an in-depth coverage.

Penetration testing benefits

• Carried out by a third party, a penetration test offers a realistic assessment of a company’s systems and applications under real-world scenarios
• Validates and supports organizations to ameliorate their security procedures and investments
• Tests various parts of an organisation’s defences – procedures, access controls – which are inherently difficult to assess by other means
• Gives organisations insight into how smaller and apparently innocuous vulnerabilities can lead to larger compromises when used together

The Obrela Labs team

Obrela Labs’ penetration testers hold a range of accreditations, including Offensive Security OSCP, CREST CPSA, CREST CRT and EC-Council CEH.

If you are interested in a quote please email or give us a call at +44 (0) 203 397 8723