Penetration Testing

Stay ahead of cyber attacks and protect your business critical data with Covenco365’s Penetration Testing service.

Penetration testing (pen test) is a real-world assessment of the security vulnerabilities within a defined area of an organisation’s infrastructure and systems.

It attempts to give a realistic view of what a malicious user would be able to accomplish. Vulnerabilities are identified and exploited to gain access to systems, retrieve sensitive data and compromise security mechanisms.

Pen testing and security audits are vital in ensuring that the controls you have in place to protect your company data and assets are effective. During testing, it is often discovered the technologies, procedures and processes an organisation considered effective were either misconfigured, inappropriate or not actually in place at all.

 

What’s included in the Covenco365 Pen Test Service?

Testing Strategy:

We will discuss the type of testing, black, white and grey box testing techniques, you should select to meet your objectives.

Testing Methodology:

All testing will follow the industry standard process of The Open Source Security Testing Methodology Manual (OSSTMM) or Open Web Application Security Project (OWASP) for web application related tests.

Testing Partner:

For customers with defence contracts or ‘secret’ data, it will be a requirement when selecting your Security Partner that you choose a Government accredited pen testing company such as ourselves. These companies are known as CHECK ‘Green Light’ Companies.

Testing Specialism:

We can offer all types of penetration testing, including advanced persistent threat (APT) testing through to social engineering, cloud pen testing and full security audits.

Testing Type:

External Network Layer Test – a blind (black box) pen test of your external / public IP addresses.

External / Web Application / Web Services Test – a focused penetration test of a web application / site. This can be carried out on a variety of applications i.e. company website; intranet; Citrix; company hosted sites; externally hosted sites.

Internal Infrastructure Test – any business device can be included as part of an internal test i.e. servers; desktops; laptops; WIFI; VOIP; BES; mobility devices such as tablets etc.

Need some help or more information about our Pen Testing Service?

Pen Testing Features

Assess the feasibility of an attack and the potential risks from such an event taking place

Ransomware

Demonstrate what a hacker / malicious user would be able to achieve

Explain the business impact of the vulnerabilities being discovered and exploited by a malicious user

Expose issues which an automated scanner would not always identify

Cover logic-based applications (i.e. web applications) in depth from a user’s perspective

Covenco give us 24/7 peace of mind that in a disaster recovery situation, we will get a fast and efficient service to get our business operational again as quickly as possible. The annual DR tests have helped us improve our strategy to ensure we are as prepared as possible for the worst

Puma UK

We think of Covenco as an extension of our own IT department. We work closely together regarding IT security aspects, disaster recovery and business continuity side of the business. They are always there to discuss future developments and plans to improve Mizuno’s IT systems and that helps us to concentrate keeping our own business operations running smoothly.

Mizuno Corporation

I would recommend Covenco for excellent customer support, extensive knowledge, and experience with business continuity solutions, as well as cloud-based backup and recovery services.

AutoXP

Frequently Asked Questions

What is penetration testing?

Penetration testing (or pen test for short) is a real-world assessment of the security vulnerabilities within a defined area of an organisation’s infrastructure and systems. It attempts to give a realistic view of what a malicious user would be able to accomplish.

Why do I need a penetration test?

There are a number of reasons why you should conduct a pen test including: To assess the feasibility of an attack and the potential risks from such an event taking place.

How often should we perform a pen test?

With the number of cyber-attacks and new strains of malware developing each year, it’s important that pen testing is be carried out on a regular basis as they can detect newly discovered, previously unknown vulnerabilities on your organisations network.

What are the different types of pen testing?

The most common areas for the pen testing include: External networks, internal networks/infrastructure, web applications and web services.

What methods do Covenco365 use to carry out a pen test?

All testing will follow the industry standard process of The Open Source Security Testing Methodology Manual (OSSTMM) or Open Web Application Security Project (OWASP) for web application related tests.