Penetration testing resources

Our penetration testing experts share practical insights about implementing a penetration testing programme. Designed to inform information security professionals, this webinar will help you to conduct effective, value-for-money penetration testing as part of a technical security assurance framework.

Most organisations are the target of random, indiscriminate attacks, and they need an appropriate level of penetration testing to ensure their defences are adequate. But while many organisations know they need penetration testing, it can be hard to know how to fit them in to a larger security programme, or even how to get started.

Our white paper, "Assured Security: Getting cyber secure with penetration testing", provides a clear introduction to best-practice penetration testing.

A penetration test identifies the vulnerabilities that leave your infrastructure and applications exposed, and gives you the information you need to close any gaps in your security.

Learn how IT Governance approaches a penetration test and how our penetration testing services can strengthen your security posture.

Collinson Group is a rapidly evolving organisation that operates a diverse set of market-leading technologies. It needs its systems to be secure and dependable, but it had no way of knowing whether its defences provide adequate protection. Penetration testing provides that information.

Download the case study to find out how penetration testing helped Collinson Group test its ability to protect its applications.

Hacking is not the preserve of master cyber criminals. Unskilled computer users can easily download and run hacking software designed to search for, find and exploit known vulnerabilities wherever they occur.

This infographic gathers the latest facts and figures on cyber attacks and hacking, and offers reasons organisations should test the security of their IT infrastructure – from networks to applications.

Web applications often process and/or store sensitive information including personally identifiable information, cardholder data and proprietary data. They connect with the corporate infrastructure and can communicate freely with the corporate Cloud at the point that users grant access through open authentication.

This infographic describes the application dilemma and offers suggestions for helping to answer the threat.

Network penetration tests focus on the organisation’s boundaries – how it connects with the Internet and other external systems. If the interfaces are not designed correctly, this creates a perfect loophole for hackers to enter a network.

This infographic describes the risks posed to the network from both internal and external threats.

Wireless capabilities can provide opportunities for attackers to infiltrate an organisation’s secured environment – irrespective of security access controls. Pen testing can help validate weaknesses in the wireless infrastructure.

This infographic describes the common types of Wi-Fi attack and how penetration testing can help to validate weaknesses.

As phishing attacks increase in frequency and sophistication, it is critically important that end users and businesses learn to identify them and how to react when they are being targeted.

To do our part in spreading cyber security awareness, we’ve created an infographic covering phishing attacks and what users can do to protect themselves against this common online threat.

The prevalence and reach of ransomware was emphasised when WannaCry spread rapidly across 200,000 organisations in 150 countries, including the UK’s National Health Service, Telefónica in Spain, and Nissan’s Sunderland plant, among many others.

This shareable infographic provides a quick guide to ransomware – what it is, how it works, what happens when your system is infected and what you can do to stop it.

As cyber attacks become easier to perpetrate, organisations must improve their cyber defences by taking an integrated and intelligence-led approach to cyber security that considers technology, processes and people.

Get started with our complimentary Cyber Testing Playbook and learn how to prevent breaches, detect them when they occur and respond intelligently to minimise the impact.

Penetration testing produces management reports describing the state of your information security measures. These can be used to demonstrate that your IT spending is appropriate and cost-effective, or that further investment is necessary.

In this guide, we’ve listed 20 compelling reasons frequent penetration tests and vulnerability assessments are crucial.

Article 32 of the Regulation requires organisations to implement technical measures to ensure data security. For GDPR compliance, penetration tests are crucial because they provide a final, end-of-state check to make sure all the security controls required have been implemented correctly. They can also be used in the early stages of developing new processing systems to identify potential risks to personal data.

Download this green paper for practical guidance on how to conduct a penetration test that supports GDPR compliance.

Penetration testing is an essential component of any ISO 27001 information security management system (ISMS), from initial development through to ongoing maintenance and continual improvement.

This free green paper describes how penetration testing fits into an ISO 27001 ISMS project.