What is penetration testing?
A pentest is a security assessment aimed at identifying technical vulnerabilities in IT and communications systems that could leave your organisation open to attack should they be exploited by a potential threat actor.
Once identified, these weak points – which can be within network infrastructure, applications, internal processes, or even business logic – can be remediated to strengthen your overall security posture, ultimately helping you to harden your defences against malicious users and provide a heightened level of security.
Pen testing not only helps to improve security, but can also facilitate a more efficient and effective use of budgetary resources.
Context’s penetration testing services
Our penetration tests are performed in a controlled environment utilising means and methods similar to those that a real-world unauthorised attacker would use to penetrate an organisation’s IT and communications systems. Once we identify a vulnerability, we will establish the impact of that vulnerability and provide the relevant remediation advice. This enables our clients to understand the implications for the business and to identify opportunities to improve systems, design and development processes, or operational policies and procedures.
We have developed a solution called TRigER (Testing Rig for Engaging Remotely) which enables remote testing of systems that are only available within client networks. The TRigER device allows testing that would traditionally be done on site to be conducted remotely by Context consultants in circumstances where our client is unable to provide site access. The device can be used for conducting penetration tests on internally hosted applications, web services and application servers, and for certain types of internal infrastructure testing.
Types of penetration test:
- Web application security testing
- Cloud Security Assessments
- Network penetration testing (Internal and External Infrastructure Testing)
- MDM Configuration Reviews
- Mobile Application and Device Security
- Red Team and Scenario Based Testing
- Code Reviews
- Build Reviews
- NCSC Health Checks, Product Assurance and Tailored Assurance Services
After the completion of a pentest, a detailed report will be provided, clearly stating the technical impact and ease of exploitation of the issues found. If required, we can also provide in-depth post-testing support.
Penetration tests should only be carried out by experienced consultants with the necessary technical skill set and qualifications. Context’s consultants leverage state-of-the-art frameworks, strong technical knowledge and bespoke testing tools, and have a proven track record in finding security vulnerabilities in some of the most sophisticated technologies and platforms.
CREST penetration testing
As an NCSC, CHECK and CREST approved organisation, Context is trusted by both multinational blue-chip corporates and UK government bodies to provide penetration testing for web applications, internal and external infrastructures, mobile devices and applications, and wireless networks. We also have one of the largest penetration testing teams in Europe.
What is the difference between a vulnerability assessment and a penetration test?
A vulnerability scan is an automated programme designed to identify weaknesses in infrastructure and web applications. Whilst vulnerability scanning tools can be useful to detect simple issues, they can lead to a lot of false positives when applied to more complex systems and applications. Pen testing is a more in-depth assessment that involves a skilled consultant in combination with a suite of pen testing tools to investigate available functionality, identify vulnerabilities and verify the impact of exploitation by simulating an attack. It is therefore recommended to use a manual penetration testing approach in conjunction with automated vulnerability assessment techniques to ensure false negatives and false positives are identified and assessed.