Yes – it’s ethical hacking though. Where you have authorized a penetration testing specialist or company to try and break into your systems (without causing damage) so you understand the weaknesses and can fix them before a real attacker actually does cause damage.

It all depends on the type, scope and your requirements. We can discuss the scope of our penetration testing services with you and provide a no obligation quote.

Pen testing services can only uncover the vulnerabilities and risks that are known at the time of the test. The cybersecurity world is continually changing and our skilled penetration security testers spend time staying abreast of these changes so our methodology is continuously evolving. Furthermore, an organisation’s IT systems are never static, software upgrades, new hardware, new cloud solutions, network changes all affect your security status and might mean the fantastic pen testing result you obtained last year no longer applies. We recommend that a company performs cyber security penetration testing at least annually or whenever there is a significant change. You should also have the pen testing frequency defined as part of your security testing programme. Don’t worry – our team of professional penetration testing specialists can help you to develop and manage your security testing programme if you don’t already have one.

It might be that you have compliance commitments to meet where a pen test is a requirement such as PCI DSS, ISO 27001, NZISMor GDPR. But most companies proactively engage in a pentest simply because it makes good business sense.

You only need to look at Equifax or Z for the consequences of a cyber attack; lost business, damaged reputation, chaos! Don’t let that happen to your company. You might think your systems are secure but penetration testing will validate that; giving you assurance and one less thing to worry about.

A pentest verifies whether your security controls and processes are sufficient and provide an adequate level of protection to mitigate the risks exposed by cyber threats. If not, our comprehensive report will guide you on which gaps pose the most risk so you can decide where to focus and make the right investment.

Penetration testing follows a structured testing methodology. Broadly, all forms of penetration testing adhere to some variant of the process shown below, and tests progress through each of these steps in order. The activities performed and amount of time spent on each step will vary depending on the nature of the pentest, the scope agreed prior to testing, and the target system.

Penetration testing process:

1. Carry out planning
2. Conduct research
3. Identify vulnerabilities
4. Exploit weaknesses
5. Report findings
6. Remediate issues

Our methodologies are built based on industry best practice, though bear in mind that it is used as a guideline. Our actual security testers often spend considerable time trying to hack into a system using any method they can, and develop the most appropriate methodology that each scenario demands.

Penetration testing (known as a  ‘pentest’ in the industry) is the means by which you authorise skilled ethical hackers to identify and test the vulnerabilities in your systems so you can address the issues before the real hackers exploit them.