Penetration Testing

Penetration Testing (pen test), is an essential testing technique to combat the ever increasing threat of hackers (both internal and external) and the challenges modern businesses face today. A penetration test simulates what an attacker performs so that when a real threat occurs, the rate of success is foiled or drastically reduced. It also evaluates the level of security within your organisation by identifying known and unknown security vulnerabilities across your networks, servers and applications.

During a penetration test, Intact Security combines both manual and automated techniques (including firewall penetration testing) using penetration testing software to help ensure your sensitive data is properly protected and that compliance requirements are being met.

Are there different types of tests?

Penetration tests vary in the approach taken. A pen test can follow either a black box or a white box testing technique.
Black box testing refers to a method of testing in which there is no knowledge of the systems or infrastructure to be tested. The black box technique most closely resembles an external hacker who has little to no understanding of the systems in place.
In contrast, white box testing refers to a method of testing where the tester has a working knowledge of the underlying infrastructure – network, servers and applications. This information is provided by you prior to commencing the testing. White box testing allows for a more targeted approach and allows for the testing to be completed in a shorter timeframe.
Our methodology is in accordance with best practice standards and incorporates guidelines from OSSTMM, NIST, OWASP (Open Web Application Security Project) and include all classes of WASC attacks in our penetration tests.

Ok, I have had a test but what is all this techno jargon?

After conducting a penetration test we provide a comprehensive report telling you exactly where your vulnerabilities are and how to secure your business against real attacks. The reports are easy to understand and have the right balance of non-technical information so that senior managers will understand the recommendations, and the detailed technical feedback which your IT and security team can immediately action. Saving your business time and money.
Close off your security gaps today by learning what the bad guys see before they see it.

Tell us more and we can help

Pentest – Contact Form

Vulnerability Assessment

We find all the unlocked doors and nail them shut.

The goal of Intact Security’s vulnerability test, is to stress every part of your company’s network to identify potential attacks, cyber security liabilities, insider threats, and advanced persistent threats.

Although seemingly contradictory, in order to effectively fortify all of your systems and applications against cyber criminals, Intact Security will relentlessly try and hack them using known methods. Our team has serious pedigree that includes competing in national Capture-the-Flag cyber events and winning numerous bounty contests. At the conclusion of every vulnerability assessment, we provide a detailed report outlining all vulnerabilities and a recommended implementation plan to fix them.

Nothing set-and-forget here. Intact Security educates its clients and offers customized solutions that adapt to businesses in any vertical regardless of company stage, start-up or mature.

Tell us more and we can help

VA – Contact Form

Web Applications Testing

Application Security

Our AppSec experts will review your software from both an outside perspective, revealing any unintended information or vulnerabilities exposed to the public, as well from the backend, combing through your code and system architecture to find potential weaknesses. Our services include Manual Inspection and Review, Threat Modeling, Penetration Testing, Code Review, and Infrastructure Review. The end goal is to find potential vulnerabilities and recommend architecture improvements to maximize security and performance.

Source Code Review

Using both manual and automated techniques, and working inside our OWASP framework, we primarily look for potential vulnerabilities, security functions performed on the client side, flawed business logic, client-side access control, cryptographic functions, and any comments or details left by the developers. We look through all code, any included JavaScript, framework-specific generated code, third-party plugins, and any other dynamically generated DOM/HTML. Our Final Report gives a complete view of the security stance and lists fixes for all issues found.

Modeled around OWASP Methodology

The Intact Security approach for web-application penetration tests is modeled around the Open Web Application Security Project (OWASP) testing methodology and as such follows the current OWASP recommendations and best-practices. We built our proprietary testing methodology specifically around the OWASP testing guide as it is the definitive resource for web-application penetration tests. Using this approach allows us to be creative in our approach while staying within a secure framework.

Tell us more and we can help

Web App – Contact Form

Mobiles & VoIP

Cyber attacks pose numerous threats to VoIP telephone systems, such as the capture of inbound and outbound calls through network manipulation, recording or listening in on calls, gaining access to internal networks through the voice VLANS and use of the network to make outbound calls (toll fraud).

In order to facilitate correct operation of VoIP devices, VoIP systems often operate outside of normal network security controls. Intact Security is able to assist you in securing your system’s SIP and H.323 endpoints  whilst providing peace of mind against toll fraud.

We will assess your network infrastructure, VoIP components and authentication methods, and their capability to prevent manipulation between your clients and VoIP server to determine the scope of your security, providing a detailed report and recommendations for remediating issues and vulnerabilities.

Done it once now do it again – Retest

It is vital that our clients undertake a retest as part of their penetration test service. This is to ensure that all vulnerabilities have had the necessary controls applied and are no longer at risk of exploitation.

Retests are always clearly quoted within our proposal documentation and each retest scans all of the areas originally identified as risks in our original penetration test report. 

Mobile & VoIP – Contact Form