
Penetration Testing (Pen Testing)

Why Trust Sapphire?

Experienced
Benefit from a company with 25 years’ pen testing experience which is compliant with CREST, Tiger, NCSC and has maintained CHECK Green Light status since 2004.

Analytical
Each pen test comes with comprehensive management and technical reporting, which can be applied to historical results to understand an organisation’s security maturity journey.

Comprehensive
A wide range of pen tests, including internal and external network level testing, web and mobile application assessments, security audits, vulnerability assessments, testing for standards such as CE Plus and NCSC CHECK, Red Teaming and more.

External Penetration Test

A comprehensive manual assessment on specified hosts. The objective is to identify, but not exploit, potential weaknesses in the security system (e-mail, software, unrestricted data flows or operating system). Manual penetration testing greatly reduces false positives and provides comprehensive and legible reports.

Internal Infrastructure and Network Level Testing

Performed locally on specified hosts to provide an assessment of the effectiveness of deployed internal network security. It is designed to identify weaknesses in the security of computer systems connected to the internal network, including workstations, servers and network equipment.

Web Application Testing

As organisations conduct more business online, these systems are open to being exploited. Sapphire tests software and applications, advising on security configurations and vulnerabilities. Sapphire follows OWASP 2017 guidelines, and testing focuses on the top 10 application threats.

Wireless Testing

The test will check for common configuration errors that could allow an attacker to compromise the network and may allow unauthorised users to access back-end systems. Sapphire will test both the guest and corporate wireless networks.

Firewall Configuration Reviews

Firewalls are the front line of defence against cyber threats. Sapphire can conduct a review of firewall configurations and rules to validate that they are implemented according to best practice.

Build and Configuration Reviews

These assessments can be conducted on any host, network device or server. Sapphire will audit your key IT assets’ security configuration based on industry-standard benchmarks, as well as Center for Internet Security (CIS) guidelines, and ensure that each component is compliant.

1. What is a penetration test?

Penetration testing is where organisations employ skilled cyber security professionals to attempt to find weaknesses in a particular security environment. Becoming a penetration tester involves gaining approved certifications, some specific to particular sectors and regulatory environments.

2. How is penetration testing performed?

Penetration testing is typically carried out in 5 steps:

1. Planning. The pen test team receives expectations and scope of the test from the organisation and starts information gathering to understand potential attack vectors.

2. Threat modelling/Scanning. Once a list of potential targets has been drawn up, the pen test team will begin scanning the attack surface to ascertain the crucial first phase of the attack chain. Typically this is through web-facing assets or social engineering.

3. Gaining access. In this step, the pen tester uses the information gained in Steps 1 and 2 to access the target organisation.

4. Lateral movement. After gaining access, the pen test team begins trying to move laterally through the environment towards the target. This often involves privilege escalation and other ‘low and slow’ methods designed to remain stealthy.

5. Reporting. In the last step, the tester will provide a detailed technical report of their findings. The report will include the vulnerabilities identified based on type and host, a solution or remediation to the issue and the risk to the overall organisation.

4. Why does an organisation need to perform penetration testing?

With regular pen tests, an organisation can identify flaws in people, process and technology before an attacker does.

Security testing improves the security posture of your organisation by identifying the security weaknesses present and targeting the patches and other improvements that you need to make to policies and procedures.

6. Types of penetration testing services offered by Sapphire

As a leading cyber security firm in the United Kingdom, Sapphire is able to offer:

  1. External and internal network penetration testing to prevent firewall, router, proxy server, and other types of attacks.
  2. Web Application Security Testing to show vulnerabilities in web applications that hackers could use to harm an organisation’s data.
  3. Mobile Application Assessment
  4. Wireless network penetration testing to determine the safety of a wireless network.
  5. Remote Access & VPN Reviews
  6. Firewall Reviews
  7. Build and Configuration Reviews
  8. Device Testing
  9. Social Engineering
  10. Open Source Intelligence
  11. Vulnerability Assessment and Automated Scanning
  12. NCSC CHECK Testing
  13. Red Team Testing
  14. Cyber Essentials Plus Audit

7. Why choose Sapphire?

With 25 years of experience, our pen testing teams have a significant understanding of how to approach different environments, leading to better quality results.

Our pen testers are all ethical hackers who use custom toolkits and well-established commercial penetration testing tools to target your IT systems. This provides a unique and thorough security assessment which is not possible using automated scanners.

We value your experience with us. That is why we work in tandem with your company to provide the highest quality customer experience while delivering our services. Sapphire is agile enough to adjust to your business’s requirements whether you are looking for support with an on-site project or require us to deliver our testing services remotely.