SERVICES

Penetration Testing

The world of cybercrime is advancing at pace, which presents an ever-growing range of threats for every external facing system in a company irrespective of size, location, industry, budget or resource. That’s why penetration testing – or pen testing – has grown to become one of the most popular system security services offered by our highly accredited engineers.

We will test and enhance your web and mobile application security, alleviating the risk of a successful security breach.

What is a Penetration Test?

A penetration test is a secure way to gain assurance of your system security using the same tools that an attacker may use to find vulnerabilities in your security.

During a web or mobile penetration test our certified ethical hackers attack your assets from an intruder perspective, focusing on identifying vulnerabilities in your system, and advise you on how to fix them, before hackers exploit them.

Why Conduct Security Testing?

Reduce Risk

Risk aversion is key when protecting sensitive data or critical infrastructure. The negative impact, financially, to your clients and your business reputation can be irreversible if your system falls victim to a cyber attack.

Compliance

If security governance and information security management is regulatory in your industry then third party pentesting could be mandatory for you to be compliant. We can provide testing for PCI DSS, HIPAA, ISO27001, SOC 2 and other governance.

Customer Requirements

Assure customers that your product meets security standards giving them confidence that their data is safe.

We are thrilled with IDS Group’s pentesting service. The team were professional and tenacious at every stage of the process, committing attention to detail and unswerving support throughout with consistent communication at every stage. Post assessment we utilised their expertise working with our   team to fix all vulnerabilities found, making them security partners, not just pentesters.

Luke Allen

Managing Director, eviFile

We’re certainly seeing projects of varying sizes come into our team. It’s a cost-effective service after all, and certainly far more affordable than the expense associated with a security breach.”

Iakovos Triantafyllou
System Security Architect

Accreditations & Certifications

The extensive knowledge and expertise of our specialists are confirmed by the most respected cyber security certifications and accreditations. These are held by the company and independently by individual experts within the team.

Our cyber security experts

The human factor remains the most important part of security testing. That’s why our certified security experts are rigorous, challenging and passionate about what they do. Using only white hat penetration testing techniques, we’ll typically:

• Gather information about the target

• Locate possible entry points

• Attempt to gain access

• Test the disaster recovery strategy

• Collate our findings on all identified weaknesses

• Devise a proposed security roadmap

• Work with IT leaders to implement our recommendations and eradicate current vulnerabilities.

 

Are your systems secure from the inside out?

    I consent to the collection of the above data as detailed in the Privacy Policy.*

    Frequently asked questions

    What is our methodology?

    Our methodology is OWASP Web Security Testing v4.2

     

    How does our pentest vary from other vulnerability assessments?

    Our USP – deep manual penetration testing that allows to discover more than 90% of all vulnerabilities. We also use automatic vulnerability scanning during a pentest and manually investigate each finding.

     

    How much of our service is automated testing vs manual testing?

    The testing process is 80% manual and 20% using automated tools. We believe only deep manual testing can achieve high-quality penetration testing results.

     

    How do we eliminate false positives?

    Our pentest is a real attack on the app with the same instruments and knowledge that real hackers use. It is rare for our penetration tests to produce false positives due to their manual process. All outputs from vulnerability scanners are analysed manually as well. You will have the opportunity to clarify findings and ask questions after receiving the Pentest report. Rarely it is possible to remove a found vulnerability from the final report or change the risk after discussion with a dev team.

     

    Will/can we exploit identified issues proving more than validation?

    Each finding should be reproducible. Sometimes we assemble several vulnerabilities to develop and show scenarios of the most dangerous attacks – exploits are developed sometimes only for such cases.