Penetration Testing for Networks
What is Penetration Testing?
Penetration testing, or ethical hacking, involves Intertek actively testing websites, devices and infrastructure for security vulnerabilities, so that any such weakness may be closed before it’s identified and exploited by a hacker.
Why do we need Penetration Testing?
The need to test the security of an organisation’s network defences and key systems has never been greater, driven by the growth in connected devices and cloud-based applications and the increasing frequency, sophistication and damaging nature of cyber-attacks.
A regular cycle of penetration testing will allow you to demonstrate:
- a responsible attitude towards the protection of data
- a proactive risk management process in a rapidly evolving field
- launch a secure connected product to consumers and supply chains for whom security is a key factor
Intertek’s penetration tests are delivered by experienced and qualified testers following an agreed methodology and using safe and proven tools. We will provide you with a prioritised list of security weaknesses alongside cost effective actions to improve security.
Penetration testing can help you address both assurance and certification needs:
- Assurance - Enabling you to identify and mitigate the intrinsic risk in your networks, operations, supply chains and business processes
- Certification – Formally confirming that your products and services meet trusted external and internal standards (see dedicated section)
Tests can support you in securing a range of system types including:
- Web sites and applications
- Network and cloud infrastructure
- Workstations and mobile devices
- Connected devices (IoT)
Tests can be performed from an external perspective to target Internet facing systems, and from an internal perspective to assess servers and end user devices.
The objective of a penetration test assignment will be tailored to your requirements and may include:
- Network wide – targeting all systems to establish baseline security against your internet and internal footprint
- System focused – assessing the configuration of a new server build or web application release
- Objective focused – a carefully choreographed simulated attack against an agreed threat scenario, also known as a red team or ‘capture the flag’ exercise