Penetration Testing: Identify Security Vulnerabilities, Increase Network Security

Penetration testing, also known as a pen test or ethical hacking, is a controlled test of the security of your network. A pen test provides insight into any security risks on your environment including infrastructure, software applications, servers and workstations, which gives you the information you need to protect your business-critical information and the reputation of your organisation from an external or internal attack. Testing should play a crucial role in your cybersecurity strategy.

During a test, Sapphire's certified pen testers will essentially 'hack' a system to expose both known vulnerabilities and unknown vulnerabilities, but stop short of exploiting those vulnerabilities (unless specifically instructed to do so). This is an excellent way to identify any security flaws on your network and ensure that the security controls that your organisation has in place are functioning correctly.

Pen Testing - Our Services

Sapphire offers a range of penetration testing services delivered by a team of experienced security professionals located throughout the United Kingdom. These include:

> External Network Penetration Testing
> Internal Network Level Penetration Testing
> Web Application Security Testing
> Mobile Application Assessment
> Wireless Network
> Security Audit
> Remote Access and VPN Reviews
> NCSC CHECK Testing
> Device Testing
> Firewall Reviews
> Build and Configuration Reviews
> Vulnerability Assessment and Automated Scanning
> Social Engineering
> Cyber Essentials Plus Audit
> Open Source Intelligence
> Red Team Testing

Why Pen Test?

Penetration Tests are often required due to demands for regulatory compliance. In addition to this, a pen test is an excellent way to review any security issues introduced to your network when you make changes to the network. It can also be used as a tool to verify the security of any new service or application before it goes live.

Security testing improves the security posture of your organisation by identifying security weaknesses present and targeting the patches and code improvements that you need to make.  It can also inform you about the changes you need to make to your security policies and procedures. 

On completion of any test, Sapphire completes a management report and a full technical report. These deliverables include recommendations for technical countermeasures, policy improvement and other remediation advice where appropriate. The reports will also compare previous test results to enable our customers to evaluate the effectiveness of ongoing patch management and configuration work.

Why Sapphire?

Our pen testers are all ethical hackers who use custom toolkits and well-established commercial penetration testing tools to target your IT systems as part of a simulated attack and gain access to your network. This process provides a unique and thorough security assessment which is not possible using automated scanners.

The strength and effectiveness of our testing services lie with the professional conducting the test. Sapphire are members of the CREST, Tiger and CESG CHECK schemes and have maintained the CHECK Green Light status since 2004. Our penetration testers are experienced in delivering assurance services across private and public sectors and can leverage the lessons learned in each sector to the benefit of all our clients.

Reporting

Sapphire will report on vulnerabilities based on type and host. The risk level is categorised using a serious, high, medium, and low traffic light system to assist with your remediation plan. The root causes are also classified by type, e.g. Development, Patching, Configuration, or Upgrade. Technical information for each vulnerability will be provided detailing the context, including screenshots or evidence, relevant CVSS rating for information and reference URLs.

We value your experience with us. That is why we work in tandem with your company to provide the highest quality customer experience while delivering our services. Sapphire is agile enough to adjust to your business's requirements whether you are looking for support with an on-site project or require us to deliver our testing services remotely.