With the growing use of Internet and the continuous
increasing number of hackers on the net, an increasing
number of organisations exist that provide Information
technology Security Audit or what is called (Penetration
Testing & Venerability) services. Many claim to employ
poacher turned gamekeeper types who have made a name for
themselves by hacking into well know highly secure systems.
These individuals are either technically bright or just
plain lucky. It does not matter how they managed to hack
one organisation or another, they are academics or amateurs
at heart who lack the business knowledge that is essential
in evaluating business risks. IT Security Audit consultants
have years of experience of highly complex IT architectures
and business processes enabling them to understand the
relative importance of security issues to the business.
Penetration Test Service
Penetration testing and vulnerability assessment services
are individually tailored to the customer. The scope of the
testing can range from individual external system testing to
enterprise wide external and internal reviews. After an
initial fact finding and project scoping exercise with our
consultant and the client, a team of highly skilled
consultants with complimentary skill sets are assembled for
the engagement. This ensures that the teams knowledge,
expertise and tool set offers complete coverage of the
systems being tested leaving no stone unturned.
Armed with detailed knowledge of attack methods and
vulnerabilities in common use, our own in-house tools and
established testing methodologies Pentest will simulate the
skill level of the potential attacker, ranging from script
kiddie to informed and highly skilled insider. This approach
offers a far more realistic attack simulation than that
offered by running a commercial vulnerability analysis tool.
The automated tool approach used by some security
consultancies has the benefit of being cost effective to
run, however this approach is aimed at the masses and is the
equivalent of a scattergun approach, generating long and
largely irrelevant reports. This method is unlikely to point
the consultant towards the vulnerabilities representing the
greatest threat to a client.
In addition to the standard system and application technical
tests, Pentest can perform social engineering attacks and
simulate competitive intelligence gathering on request.
Upon the completion of the test the client receives a report
detailing the attack methods used by the team and an
analysis of their findings. The report will also provide an
assessment of the level of risk presented by the
vulnerabilities found and recommendations for remedial work.
Finally, Pentest presents a summary of findings to
management and appropriate technical groups highlighting the
relevant issues, supported by the technical content of the
For more details of the above service please contact
or email firstname.lastname@example.org
Working in this way, our consultants are able to transfer
knowledge to our clients, leaving them better equipped to
deal with future issues themselves