ApplicationPenetration Testing


Application Security

Our consultants are practitioners of both CREST and Open Web Application Security Project (OWASP) to assess every aspect of the application's security from authentication mechanisms through to business logic and beyond. Often we find today that your applications may exist across different platforms; developed and maintained by different teams of developers, which can lead to a different number and different types of vulnerabilities, as such our team are versed in several different languages and protocols, to fully assess any security implications that may exist on your platform.

A small list of applications of some of the types of applications we are familiar with:

  • Web-based (ASP, ASPX, CFM, JSP, PHP, WAR)
  • Thick-clients (.NET, Java, PE, ELF)
  • XML based languages (e.g. SOAP)
  • Javascript (e.g. REST, JSON)

Infrastructure Security

With over ten years penetration testing experience, our testers have worked in many different sectors and environments. Our testers are versed in multiple Operating Systems (OSs) and different types of network architecture, whether your organisation has a flat network, or a mature security focused network with multiple LANs. We can certain help you assess and mitigate any architectural weaknesses that may be present (or hidden) in your business network.

Our testers adhere to the CREST methodologies.

Some of the frequent network architectures encountered:

  • Active Directory
  • LDAP
  • Cloud infrastructures
  • Multiple VLANs
  • Voice Networks
  • MPLS infrastructures
  • Virtual Private Networking & Dial-Up

Server/Workstation/Device Hardening

Our consultants are proficient with the following Operating Systems:

  • Windows Desktop XP - 10
  • Windows Server 2003 - 2016
  • Mac OSX
  • Linux (e.g. Debian, Redhat, SUSE, etc)
  • Solaris
  • HP-UX
  • AIX

in addition to the following networking devices:

  • Cisco IOS (routing and firewalls)
  • Checkpoint firewalls
  • Juniper SRX