Penetration testing (or pen testing), also known as ethical hacking, is the process of testing the security of computer systems, networks and applications (web, mobile and bespoke) to find vulnerabilities that an attacker could exploit or compromise to gain access to confidential data.
Razorthorn’s penetration tests are tailored to an organisation’s environment and needs. We will assess specific aspects of the security programme and the state of security of an organisation’s critical systems, networks and applications.
Our penetration testing team are selected for their experience and output quality. We draw on the intelligence gained from decades of experience in responding to the most sophisticated threat actors worldwide.
Benefits of Penetration Testing
Return on Investment
Penetration testing quantifies the value of your security investment. With the cost of cybercrime damage predicted to hit $6 trillion annually by 2021, investment in your security is becoming more and more important. Ransomware damage costs are predicted to reach $20 billion by 2021, with businesses falling victim to ransomware attacks every 11 seconds. Ensuring your business is protected is no longer a “nice to have” but a “must have”.
Protect your Brand
Data breaches can seriously damage an organisation’s reputation, consumer trust and, consequently, sales. Penetration testing will help you protect your name, your customers’ trust and your customer acquisition and retention rates.
Improves business continuity and reduces network downtime
Identifying and fixing the weaknesses ensures that your business and revenue are not disrupted. Once a system has been breached, there is no telling how long it will take security and IT teams to get it up and running again, which reduces income-making capabilities.
Finding Vulnerabilities First
The Razorthorn Penetration Testing service will evaluate your network and computer security in depth to find where your vulnerabilities lie. We’ll produce a comprehensive report so that these security holes can be closed down before a malicious hacker finds them. We use the same tools, know-how and methodologies that hackers would employ so that we gain the same insight into the vulnerabilities as they would.
Various regulations, such as ISO 27001, PCI DSS and GDPR, specify that you either should or must carry out a penetration test to determine whether your organisation is at risk from threats. Penetration testing can confirm that your organisation is continuing to comply with regulations or security certifications.
Protects Against Financial Damage
Penetration testing helps an organisation to evade potentially huge remediation costs by actively detecting and mitigating threats before security breaches or attacks take place. Additionally, there may be legal consequences – for example, in March 2020, Virgin Media faced a possible £4.5 billion compensation payout after a data breach left personal details of 900,000 customers online for 10 months.
The Razorthorn Approach to Penetration Testing
Our penetration testing service is all about taking the stress out of the process for you. So, our approach is designed to give you all the information you need in the most efficient way possible.
Step 1 – Scoping
Firstly, we will work with you closely to determine exactly what testing is required. This can be done either by completing a scoping document or via a call with your dedicated Razorthorn consultant – whichever format works best for you.
Step 2 – The Penetration Test
After the scoping and subsequent exchange of information, Razorthorn will book the test at a convenient time for you and our testers will remain in contact during the process. Testing will follow our standard approach of Investigation, Discovery and Exploitation. Our testing process follows the OWASP Top 20 framework.
Step 3 – Reporting Stage 1
The Management Summary
The Management Summary gives a clear, precise and non-technical description of the business impact of the penetration test attack. By reading the report, management will be able to understand, in plain terms, the operational IT risks affecting their business, and to plan a cost- and time-efficient process of security improvement in order to minimise the identified risks.
Step 4 – Reporting Stage 2
The Technical Report
The Technical Report is designed for the client’s technical staff. The main purpose of the report is to show the strengths and weaknesses of the client’s web applications and external infrastructure, and to advise how to improve their security. The technical report also enables the technical staff to become more familiar with the attack scenarios that hackers would use for attacking their infrastructure, in order to be able to prevent them in the future.
Step 5 – Post-test Support
Razorthorn is always available to support you in any requirement you have after the testing and report have been completed, whether you need a call to clarify any findings, answers to any follow-up questions or a discussion with your technical teams to assist in the remediation.
Why Choose Razorthorn for Penetration Testing?
- Razorthorn’s Penetration Testers are highly experienced professionals, accredited by world-leading standards and certifications.
- Providing both internal and external penetration testing for virtually any scenario, such as:
  - Infrastructure testing
  - Wireless testing
  - Web application testing
  - Mobile testing
- Our methodology is aligned with industry best practices, such as OWASP.
- Our testers always have at least 5 years’ experience, gained in a wide range of different environments.
You will be able to use the information gathered from the test to fix and remediate any and all vulnerabilities. However, security changes can be complicated, especially when compliance regulations (such as PCI DSS) are involved, so if you require further help and guidance from security professionals, Razorthorn will assist you in whatever capacity you may require, whether this is a security project lead, a part-time CISO or a qualified auditor.