Cyber security tactics and techniques are constantly evolving. It is essential to regularly test your security systems and solutions to verify that they are maintaining a strong defence against known and unknown threats.
Your IT systems hold data which is critical to your organisation. You may believe your system is secure, using assured solutions and appropriate security procedures, but are you sure it has been correctly configured and does not have any vulnerabilities?
Autodata offers a number of security assessments services to help you understand which threats and vulnerabilities pose the most risks to your organisation due to infrastructure gaps, people, environmental issues or third-party exposure. All organisations should regularly conduct both internal and external assessments on their infrastructure, networks and applications.
External Infrastructure Assessment
The External Infrastructure Assessment is performed outside the organisation, mimicking a hacker attempting to gain access to sensitive information by targeting your public-facing profile and architecture. Testers attempt to access a target node, gain identity credentials, and then deny and disrupt the service.
The objective is to test your current security posture and the state of your internet-facing systems in response to what an attacker might initially implement prior to launching an external attack.
Prior to testing we investigate your current internet profile using non-invasive techniques such as domain-based discovery, open-source vulnerability checks and bouncing email messages to determine the location of mail servers.
Internal Infrastructure Assessment
The Internal Infrastructure Assessment is performed inside the organisation, mimicking a disgruntled employee or other individual that has successfully gained access to sensitive information. Testers attempt to gain extra identity privileges and defeat auditing, detection and other security mechanisms such as access control.
The objective is to identify which internal infrastructure elements (email, databases, systems etc) are vulnerable to attack, enabling you to understand the potential impact posed by individuals existing inside your internal network.
All IP address ranges for the assessment are required prior to the start of testing and all devices deemed in scope are enumerated to ascertain that they are responsive and alive.
Web Application Pen Testing
The Web Technologies and applications we use daily have advanced in recent years. This advancement and reliance upon such services has exposed users to a variety of new security risks.
External-facing Web Applications used by businesses are by nature available to all via the public Internet. Their complexity and availability have made them an ideal target for attackers and there have been many publicised data breaches that have been caused by insecure web applications.
Web Application Penetration Testing is now a critical part of your security strategy to ensure your public facing applications are free from security risks. Protecting these applications from new threats is a constant challenge, especially for developers who may not be security aware and typically working toward a performance deadline.
Mobile Application Pen Testing
Mobile Applications are becoming increasingly complex. Their threat landscapes are becoming larger with more personally identifiable and business critical data being stored.
Insecure applications may result in sensitive data being exposed to other applications on the device, with the ability to trigger application components to perform malicious actions amongst other attack vectors.
Mobile Application Penetration Testing can help alleviate risks by identifying vulnerabilities that exist on your Mobile Applications in both IOS & Android Operating Systems. Applications typically make use of an API to send and retrieve data from the server, so this is a focal point of assessment with our full API methodology being covered.
Our Assessment looks at mobile applications at a storage level by reverse engineering the application package and viewing the database and configuration files. We use specialised technology to simulate a malicious application stored on the phone alongside your application to check for vulnerabilities that require a malicious application to exploit.
Performing regular penetration tests is essential to ensure and evidence that your security solutions are delivering the protection your organisation needs.
Get in touch today to arrange a scoping call for your next Penetration Test.