contact us

+44 (0)845 52 000 85

excellence as standard

What Is Penetration Testing - Understanding what is important ?

Penetration Testing actively attempts to 'exploit' vulnerabilities and exposures in an organisation's environment. Through exploiting the security weakness, a Penetration Test will attempt to gain read/write access to system resources, gain shell access to operating systems and obtain comprehensive access to application and database resources. Once a device has been compromised, a Penetration Test will look to branch out and gain further access to system resources that reside on DMZ and Internal networks. A Penetration Test is designed to simulate the tasks and efforts that a real world attacker might look to exploit, but without damaging or disrupting any of an organisation's production services.

Nettitude has been carrying out Penetration Testing engagements for a broad range of public and private sector companies for many years. Our depth and breadth of experience enable us to deliver high quality Consultancy Led engagements that both identify all areas of penetration whilst also providing appropriate remediation recommendations so that you can tighten your overall security posture.

Nettitude's Penetration Testing Services respond to your business needs.

>White Box Testing
In a White Box test, clients provide Nettitude with information about the applications and infrastructure prior to the commencement of the testing engagement. Usernames and Passwords are provided to Nettitude's testing team as part of the engagement, and the client may provide us with access to source code. In this type of testing engagement, Nettitude works closely with the client to perform the assessment. These types of tests tend to gain deeper understanding of the application and infrastructure logic, and may generate more comprehensive test results than other penetration testing approaches.

>Black Box Testing
In a Black Box test, the client provides Nettitude with no information about their infrastructure other than a URL or even just the company name. Nettitude is tasked with penetrating the environment as if they were an external attacker with no information about the infrastructure or application logic that they are testing. Black Box tests tend to take longer to commission than White Box tests and may identify less exposures and vulnerabilities than those of White Box tests.

>Grey Box Testing
A Grey Box test is a blend of Black Box testing techniques and White Box testing techniques. In Grey Box testing, clients provide Nettitude with snippets of information to help with the testing procedures. This results in a more focused test than in Black Box testing as well as a reduced time line for the testing engagement.

To find out more about how Nettitude can help you with your Security Testing requirements, please complete our contact form, and a Consultant will respond to your enquiry.

Nettitude can conduct Penetration Tests from any kind of network connection. Some of our more common engagements include testing conducted from the following vantage points:

Organisations may wish to conduct Penetration Tests that focus on specific types of technologies. Nettitude provides focused Penetration Testing to address individual application security requirements.

Nettitude has strong procedures and methodologies in place for all of their Penetration Testing engagements. Nettitude is an ISO 27001 Certified organisation, practicing the highest levels of Information Security practice across all of its divisions. In addition, Nettitude is a member of CHECK and CREST, the Council of Registered Ethical Security Testers. We provide comprehensive testing services within FSA, SOX and PCI DSS frameworks, and Nettitude is both a PCI DSS certified ASV and QSA company.