Combined Infrastructure and Web Application Penetration Test

SKU: 4452

Format: Penetration test

IT Governance’s combined infrastructure and web application penetration test helps to identify potential vulnerabilities in your infrastructure, websites and web applications.
This fixed-price penetration test, conducted by our CREST-accredited team, includes recommendations to improve your network security, enabling you to comply with client requests and facilitate compliance with ISO 27001.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service centre team on +44 (0)333 800 7000.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service

Overview

Our combined infrastructure and web application penetration test is built upon an established bespoke methodology primarily based upon the OWASP Top 10 Application Security Risks 2017 and OSSTM (Open Source Security Testing Methodology) for networks. This approach emulates the techniques of an attacker, using many of the same readily available tools. This enables a full assessment of the key components of the web applications and external network infrastructure.

The identified vulnerabilities are presented in a format that allows you to assess your organisation’s relative business risk and the cost of remediation.

Your challenge

Penetration testing is also an essential component of any ISO 27001 ISMS (information security management system) – from initial development through to ongoing maintenance and continual improvement.

Technical vulnerabilities affecting your information technology assets can be exploited by external attackers. These vulnerabilities – such as unpatched software, inadequate password and access control, and insecure applications – can put your entire information security management system at risk of failure or increase the time and money spent on its implementation.

Our service offering

A review of the testing environment to assess your application and network, and identify information that would be useful to a criminal hacker.
A range of manual tests using a methodology closely aligned with the OWASP (Open Web Application Security Project) and OSSTM.
A series of automated vulnerability scans.
Immediate notification of any critical vulnerabilities to help you act quickly.
A detailed report that identifies and explains the vulnerabilities (ranked in order of significance).
A list of recommended countermeasures to address any identified vulnerabilities.
An executive summary that explains what the risks mean in business terms.

Benefits

Our penetration test will help you:

Gain real-world insight into vulnerabilities, including unpatched software, inadequate passwords, poorly coded websites and insecure applications;
Discover the most vulnerable route through which an attack could be made; and
Find any loopholes that could lead to the theft of sensitive data.

Require a level 2 penetration test?

We’ve designed our standard packages to be easy and affordable, but if you are unsure of your requirements, or your needs are more complex and involve attempting to exploit the identified vulnerabilities, please call us to discuss. Our consultants can answer your questions and make the process painless. If you would like to talk to one of our testers or meet with them, we would be happy to arrange this for you.

Conditions