External and Internal Infrastructure Testing

Attackers seek opportunities inside and outside your organisation. Your attack surface comprises infrastructure that delivers connectivity between you and the world (via the Internet in all its forms) and how you manage data, systems, and connections within your business. We look for vulnerabilities everywhere.

Walk like a hacker, talk like a hacker, act like a hacker

Pen testing is all about doing all three of those things inside and outside of your business. We do all the obvious things and then go to the dark side to find vulnerabilities luring in the digital shadows. If we find a vulnerability, we attempt to exploit it (under controlled conditions) so we can close it.

  • We test from outside via the Internet, to attack your business as a real-world hacker might
  • We look for infrastructure weaknesses like DNS vhosts, TCP/UDP port scanning, and service version enumeration
  • We validate software security
  • We escalate access and privileges internally to find possible attack paths across your organisation
  • We produce results and a report on next actions
  • We use Qualys / Nessus