Penetration testing and ethical hacking test the security of websites and network infrastructures, in person and from remote locations, employing a variety of methods, both passive and active.
Simply put, we will test your defences and see if we can get through them.
Passive testing
This involves gathering information from publicly available data. Looking at such data is entirely legal. Organisations need to be aware of the footprint of the public data about them, and have strategies to minimise it and to counter the use of this data for hacking. Sources of such data include, for example:
- Public websites
- Corporate filing information, for example filings with tax or company registration authorities
- Presentations given by staff at public events
- Social media profiles on LinkedIn, Facebook, Google Plus and Twitter
Active testing
Active testing involves the use of tools to gather information about specific technical resources in a company. These techniques generally require written permission from the server owner or client concerned, as they are invasive and, without permission, could be perceived as deception or as an offence under computer misuse regulations. For example:
- Finding out where a server is physically located, what OS it is running and so on
- Scanning servers for open ports and known vulnerabilities
- Attempting to take control of a server or site through known vulnerabilities
- Testing perimeter physical security by bluffing our way into your building or data room
- Social engineering to get access to sensitive information