Security is becoming an increasingly relevant concern for companies as cyber threats grow more advanced. Both the quantity and severity of cyber-attacks are on the rise, posing a major risk. While this shouldn’t deter organisations from utilizing online services, it should encourage them to step up their online security system. Regulatory compliance also requires an increasing level of responsibility to protect any internal or external data. Greenfinch have the expertise to advise you on the best approach to take.
An effective way to investigate how potential intruders may compromise your network involves conducting an attack under controlled conditions. Referred to as penetration testing, this approach serves as a type of ethical hacking, whereby your systems will be tested. Any vulnerabilities are identified and manually tested, which exposes any weaknesses in your system that could facilitate unauthorized access.
Web Application Penetration Testing
This will be performed remotely to test publicly facing web applications and associated API’s, using ethical hacking to identify vulnerabilities. These are tested and rated on a scale of severity and priority against current best practice (OWASP). The service replicates the attack vectors of malicious actors and includes full open source reconnaissance.
A full report will be produced including technical breakdowns of all issues discovered, as well as recommended best practice mitigations. Each discovered potential vulnerability is manually tested to reduce false positives as much as possible.
Advanced Penetration Testing
This service builds on the previous web application pen test to include onsite connected systems, equipment, and network perimeter involved in maintaining and supporting the solution.
This service adds to the comprehensive assessment of web application vulnerabilities, by analyzing the state of applied patches on physical infrastructure, and potentially analyzing network traffic. This involves both remotely testing publicly facing elements, and non-publicly facing infrastructure if hosted on-site.
This report will highlight both backend vulnerability or security misconfigurations, which in the event of a breach would allow a malicious actor to pivot or damage the internal network or infrastructure.