Network penetration tests are focused on finding vulnerabilities within your network infrastructure, this service goes beyond the network vulnerability assessment. The aim is to demonstrate how vulnerabilities in systems on the network can be exploited with a view to gaining full access to the network environment.

Testing Options

• Vulnerability Assessment (Identification without exploitation)
• Black-box (from an attacker’s perspective without credentials)
• Grey-box (from a malicious user’s perspective with user credentials)
• White-box (with full admin credentials)

Penetration Test Report

Following the penetration test you will be provided with a detailed report which will cover the following:

• Executive summary and high-level results
• In-depth technical report
• Remediation advice to resolve vulnerabilities discovered
• Mitigation guidance to avoid similar vulnerabilities in the future

Why do we need penetration tests?

There are a number of reasons why penetration testing may be required by organisations

• Testing by a third party is an effective way to demonstrate security posture and test the security controls in place.
• To support regulatory compliance for example PCI DSS, Data Privacy/GDPR
• Clients and partners often require proof of security testing
• Government security requirements
• Pro-active security measures in place of re-active
• Avoid legal action and reputational damage following a breach
• Cyber insurance policies may require third party security testing

How often should penetration tests be performed?

Penetration testing should be performed as part of an organisation’s risk management program. There may also be specific regulatory or compliance requirements that dictate the frequency and timing of security testing. Generally, it is recommended for testing to be performed as follows

• Full penetration test across the environment at least annually
• Focused penetration testing when new systems and/or environments are put live
• When any major changes are made in the environment

Why Codigo Security?

• Cyber security consultants with 10+ years of experience
• Consultants hold professional certifications including OSCP, OSCE, OSWE, GIAC
• Wide experience working across all industry sectors
• Our penetration testers perform manual testing which finds vulnerabilities that automated tools are not able to find