Cyber Security Penetration & Vulnerability Testing (a.k.a.’pen test’)

Penetration Testing is a target driven service. Vulnerability Assessments examine a particular application or service for vulnerabilities, whereas Penetration Testing is a crafted set of tests conducted specifically to penetrate clients’ cyber defences with the goal to access a client’s specified target application or service.

This type of testing seeks to uncover a set of vulnerabilities that could be exploited to reach a particular target. The goal of this test is to assess the adequacy of a client’s various cyber defences and associated configurations to protect an identified information asset.

Clients may nominate which threat surface is to be used to launch the attack and tests can be conducted on or off-site according to our client’s requirements. The extent of the penetration that is to be conducted may also be set by our client.

Tests can be conducted on a white, grey or black box approach depending on the level of disclosure our clients wish to make in regard to their security infrastructure architecture. White box testing works on a full disclosure basis and saves time and money that would normally be spent on discovery and reconnaissance that an attacker would normally have to carry out prior to conducting a cyber-attack.

  • Chief Information Officer (CIO);
  • Chief Technical Officer (CTO);
  • Chief Risk (Management) Officer;
  • Chief Security Officers;
  • IT management.
  • Tests of the chosen infrastructure defence infrastructure and security configurations;
  • Tests the effectiveness of IPS/IDS, firewall configurations and router, switch and server hardening as is relevant;
  • Tests the effectiveness of security event instrumentation, monitoring, alerting and monitoring personnel responsiveness;
  • Uncover possible system and code vulnerabilities and identify exploitable access control issues.

The penetration testing service provides our clients with:

  • A thorough test of cyber defences protecting a given information asset or service;
  • Tests the effectiveness of security event instrumentation, monitoring, alerting and monitoring personnel responsiveness
  • A detailed report on how the penetration was achieved;
  • A set of priority steps to take in order to mitigate the identified vulnerabilities;
  • Guidance on how to address issues identified.
  • Tests can be conducted by certified professionals to meet annual PCI-DSS and ISO27001 compliance requirements.

Furthermore, the testing is not limited to specific website development languages or web-server technology.

  • We provide our clients with a comprehensive report on the vulnerability testing which includes:
    • A management (executive) summary;
    • A detailed risk register;
    • Prioritised remediation process and technical details and evidence for the outcomes of each test
  • A technical and managerial review of results with the team which conducted the testing in order to:
    • Provide clarity on the identified vulnerabilities and
    • Advice on the best practice remediation steps that can be implemented.
  • Tests can be conducted by certified professionals to meet annual PCI-DSS and ISO27001 compliance requirements.
how can we help you?

Contact us at Gold N’Links Europe office nearest to you or submit a business inquiry online.

Request a quote for a pen test