Network Penetration Testing
Penetration testing, or ethical hacking, involves Intertek actively testing websites, devices and infrastructure for security vulnerabilities, so that any such weakness may be closed before it’s identified and exploited by a hacker.
The need to test the security of an organisation’s network defences and key systems has never been greater, driven by the growth in connected devices and cloud-based applications and the increasing frequency, sophistication and damaging nature of cyber-attacks.
A regular cycle of penetration testing demonstrates:
- a responsible attitude towards the protection of data
- a proactive risk management process in a rapidly evolving field
- a secure product or service offering to consumers and supply chains for whom security is a key factor
Intertek’s penetration tests are delivered by experienced testers following an agreed methodology and using safe and proven tools. Clients are provided with a prioritised list of security weaknesses alongside cost effective actions to improve security.
Penetration testing allows organisations to address both assurance and certification needs:
- Assurance - Enabling you to identify and mitigate the intrinsic risk in your networks, operations, supply chains and business processes
- Certification – Formally confirming that your products and services meet trusted external and internal standards (see dedicated section)
Tests can target a range of system types including:
- Web sites and applications (see dedicated section)
- Network infrastructure
- Workstations and mobile devices
- Connected devices (IoT)
Tests can be performed from an external perspective to target Internet facing systems, and from an internal perspective to assess servers and end user devices.
The objective of a penetration test assignment may include:
- Network wide – targeting all systems to establish baseline security against your internet and internal footprint
- System focused – assessing the configuration of a new server build or web application release
- Objective focused – a carefully choreographed simulated attack against an agreed threat scenario, also known as a red team or ‘capture the flag’ exercise