IT Governance is a CREST-accredited provider of security penetration testing services.
Our range of penetration testing services enables organisations of all types and sizes to manage their cyber security risks effectively by identifying security flaws in their infrastructure, applications, wireless networks and people.
Contact us today to request a quote for:
Our web app pen tests focus on vulnerabilities such as coding errors or software responding to certain requests in unintended ways. These tests include:
- Testing user authentication to verify that accounts cannot compromise data.
- Assessing the web applications for flaws and vulnerabilities, such as XSS (cross-site scripting) or SQL injection.
- Confirming the secure configuration of web browsers and identifying features that can cause vulnerabilities; and
- Examining database server and web server security.
Our external infrastructure tests examine vulnerabilities affecting your operating systems and network architecture that might allow external attackers to access your systems. These tests examine network components and tools such as:
- Servers and hosts.
- Firewalls and wireless access points; and
- Network protocols.
Our internal infrastructure tests attempt to identify network and operating system vulnerabilities from the point of view of anyone with insider access to your systems, applications or data, such as employees or contractors.
Our combined infrastructure and web application tests identify potential vulnerabilities in your infrastructure, websites and web applications.
Our wireless network tests examine security vulnerabilities affecting your wireless networks, such as:
- Information leakage and signal leakage.
- Encryption vulnerabilities, such as wireless sniffing and session hijacking; and
- Weak access controls.
Our remote access security assessments combine web application and infrastructure testing. They are performed remotely and assess your externally facing remote access solutions, looking for:
- Inadequate/insecure authentication.
- Weak configurations.
- Default settings; and
- Outdated software and patching levels.
Our remote compromise tests will assess the security controls protecting your network if your remote access solution is compromised. They will test for:
- Weak configurations (e.g., default settings).
- Outdated software and patching levels.
- Insecure authentication.
- Weak permissions; and
- Means of bypassing antivirus software.
Our gold build tests employ a mix of advanced manual testing techniques and automated scans to examine your gold build processes and images for vulnerabilities that could affect your infrastructure. These tests examine:
- Secure configurations.
- Network traffic.
- Secure passwords.
- Patching.
- Secure authentication.
- Encryption; and
- Information leakage.
Our red team assessments comprise a thorough investigation of your organisation’s cyber security and ability to fend off skilled, dedicated attackers. Our expert penetration testers will use any methods at their disposal to non-destructively gain access to your networks, systems and information, giving you a complete understanding of your organisation’s resilience to cyber attacks.
Our social engineering tests will assess your employees’ susceptibility to social engineering attacks. The scope of each engagement is tailored to your organisation’s requirements and goals. We can use both traditional and non-traditional techniques to test your resilience to an attack. These might include:
- Open-source intelligence gathering.
- Phishing and social engineering attacks against agreed targets.
- Perimeter and internal surveillance attacks.
- Staff procedure bypasses.
- Data exfiltration, acquiring assets and intellectual property rights; and/or
- Assessing staff and management training.
A simulated phishing attack will establish whether your employees are vulnerable to phishing emails – the most common way malware enters an organisation.
We will design and build the attack based on your requirements. This usually involves:
- Setting up a domain from which to send the phishing email, which may be designed to closely resemble one of your own domains.
- Developing a template to mimic your organisation’s email templates or those of trusted suppliers; and
- Building web pages for phishing emails to direct to.
This package combines a simulated phishing attack with a staff awareness training programme so you can determine the extent to which your employees are vulnerable to phishing attacks, then educate them about what they need to be aware of.
Our CREST-approved automated vulnerability scanning service quickly identifies vulnerabilities and misconfigurations in your websites, applications and infrastructure that cyber criminals might exploit.
Comply with PCI DSS (Payment Card Industry Data Security Standard) requirement 11.2.2 with this scanning service fulfilled by a PCI ASV (Approved Scanning Vendor). Receive a compliance report, an executive summary report, a supporting spreadsheet and a letter of attestation to prove your PCI compliance.
Our PCI Penetration Test will test your security systems, public-facing devices and systems, databases, and other systems that store, process or transmit cardholder data to discover security vulnerabilities that a cyber attacker might exploit. We will assess key areas of your network, such as:
- Segmentation.
- Secure configuration, patching and hardening.
- Protocols used to transmit cardholder data.
- Authentication processes.
- Password authentication services and identity verification.
- SSL/TLS configurations.
- Server configurations; and
- User access privileges and session management configuration.