The Service

Penetration testing identifies security vulnerabilities within your computer system, network or web application and exploits these to ethically hack into your systems. This security testing imitates a real-life attack to identify weaknesses and evaluate how effective your information security strategy and controls are in protecting your systems and data.

External network and web application tests are performed over the internet, and can be carried out remotely.

The Benefits

  • Test and better understand the security posture of your network or application (web or mobile)

  • Identify vulnerabilities, determine the likelihood of these being exploited and the potential impact

  • Align with industry standards and regulations

  • Better align with current data protection regulations such as the GDPR

  • Provide assurance to your customers of the security of your services and systems

The Challenge

Whether your organisation is small or large, public or private, you are likely to have information that, if compromised, could cause harm to your staff, customers or your reputation. Weaknesses in internet-facing networks and applications can occur due to poorly patched, poorly configured or unsupported systems. Where these vulnerabilities occur, they may be exploited by malicious attackers to compromise your data. Therefore, it is essential to identify these weaknesses and understand how they can be remediated to protect you from future damaging attacks.

Regular penetration testing, particularly after the introduction of new functionality or infrastructure, is an essential facet of security best practice. Using penetration testing, you can improve the security of your systems and minimise the chance of future cyber attacks.

Our Process

At BH Consulting, we will make you aware of the vulnerabilities that exist in your systems and help you minimise potential cyber attacks. Our specialist team will analyse the results and findings of the tests and provide you with a tailored report. The report will rank the identified risks in order of priority, with practical remedial actions and recommendations. Additionally, we will discuss each of the key areas with you to ensure the impact of our findings is fully understood and, where necessary, provide further details.

We will use a mixture of tools and manual processes and, depending on whether the targets are at the infrastructure or application layer, will check for weaknesses such as:

  • Network vulnerabilities

  • Network architecture and the use of security zones

  • Web browsing controls

  • Firewall configuration and segregation of zones

  • Software vulnerabilities at the infrastructure and server level

  • Business logic vulnerabilities

  • Input validation issues

  • SQL injection, cross-site scripting and all OWASP Top 10 vulnerabilities

  • Access control & authentication issues

  • Password strength and susceptibility to brute-force attacks

  • Session management vulnerabilities

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.