Penetration Testing

As part of Fortis’ Security Risk Assessment Services suite, its Penetration Testing services enable clients to identify, assess and prioritise vulnerabilities and security flaws across their applications & API’s, platforms and infrastructure.

Penetration testing will help to identify security vulnerabilities which might otherwise leave your company open to compromise. Fortis has a proven track record in finding such vulnerabilities in some of the most complex, and sophisticated IT environments.

SECURITY PENETRATION TESTING

Over the last decade, threat vectors previously encountered only by nation states have become increasingly common in the Enterprise. The Fortis team has been mitigating and managing the risks from these attacks for our clients for years, and as the threat landscape shifts, so too have the number of organisations that require access to our seasoned and trusted security professionals.

With its broad industry experience, Fortis Information Security can work alongside your organisation to provide the benefit of situational awareness, usually reserved for those associated with these government departments, together with the context and understanding of corporate environments and the associated challenges and culture.

Our security testing services are designed to:

Improve business awareness and understanding of your cyber security exposure to risk

Identify and fix security vulnerabilities before they can be exploited by cyber criminals

Support ISO 27001, PCI DSS, GDPR and PAS 499 ID & Authentication compliance

Provide independent technical security assurance of your security controls

Enable the prioritisation of security investments through actionable intelligence

Demonstrate a continuous commitment to security to your customers and partners

COMMON TYPES OF PENETRATION TESTING WE OFFER:

Fortis approach to security testing is based upon your requirements, and the required outcome. Tests can be performed from the perspective of an external attacker with no knowledge of the target services or infrastructure, as an authenticated authorised user, or with comprehensive understanding of the service and its design.

External network (or infrastructure) penetration testing

Internal network penetration testing

Web application penetration testing

Cloud penetration testing including AWS, Azure and GCP

Mobile iOS, Android applications and API penetration testing

Fortis’ penetration testing and red teaming group are extremely well certified, holding multiple certifications awarded by bodies such as CREST, Offensive Security and the Tiger Scheme. Fortis also complements this focused knowledge with its National Cyber Security Centre (NCSC) Certified Cyber Professionals, to provide a valuable wider viewpoint to penetration testing assurance.

Alongside certifications our testers also engage with the security community, present at specialist security testing conferences and have co-authored books on testing.

Wireless Network (WiFi) penetration testing

Social Engineering (both physical and digital social engineering penetration tests)

Red Team, full spectrum attack simulation

Biometric systems penetration testing

FORTIS PENETRATION TESTING METHODOLOGY

As the penetration testing industry has matured, certifying bodies have increasingly demanded a standardised way of performing penetration testing activities. However, there is only so much standardisation that can be done before the creativity inherent in “hacking” is removed and the benefit of the service is lost. Nevertheless, this same standardisation encourages better quality testing exercises by making sure that a minimum level of testing is completed.

Fortis methodology is iterative in nature, this means that the process repeats itself until either all options have been exhausted or the testing time-period has expired.

Fortis only employ highly skilled and experienced penetration testers which, when coupled with our governance, risk & compliance team’s vast industry experience and our excellent service management support ensures unparalleled technical deliverable, business alignment and client satisfaction.

Discover Attack Surface:

Each iteration starts with attack surface discovery – this can be at any level of the target, for example, authenticated or unauthenticated, or as a result of the exposure produced by another attack.

Launch Relevant Initial Attacks:

Next, exploratory attacks are launched in order to further understand the attack surface.

Attack Development & Execution:

Once the results of the initial attacks are known.

Gain Foothold:

Should the attack be successful, the attacker has gained a foothold.

Controlled Exploitation of Access:

In this iterations final stage, the attacker will look to take advantage of whatever access has been gained.

Reporting:

Will provide a detailed penetration test report. Vulnerabilities and security flaws will be ranked in order of criticality using the open industry standard common vulnerability scoring system (CVSS) framework.

YOUR SIMPLE ROUTE TO PENETRATION TESTING