Quality, depth and accuracy of penetration tests can vary greatly between the different organisations providing these services –despite them holding the same accreditations. At NTA, we want our services, our reports and our people to be held in high regard by our clients, so we will not simply rely on automated, high level scanning from a commercial or freeware tool. Whilst our testing does incorporate the use of such tools, it is enhanced through the use of our own test engines and the experience, knowledge and ability of our people, providing a more manual and rounded penetration test.
Our range of tests, below, can be performed remotely or onsite, from a credentialed or non-credentialed perspective, once-off or regularly, and in combination with any of our services, to provide a depth and breadth of testing appropriate to the target system, data and perceived risk.
NTA’s application tests frequently identify issues from the OWASP Top Ten list of most critical vulnerabilities, with advice then being provided on how to apply the most appropriate fix.
Remote & mobile access testing provides an examination of remote access systems, mail gateways and Mobile Device Management (MDM) solutions, testing for vulnerabilities within the configuration of the portals and authentication mechanisms.
An NTA assessment of SCADA or ICS environments will consist of a targeted mix of testing and auditing the technical and procedural controls than govern your implementation. The service is consultant led and tailored to the solution you are designing or already have in place.
A VoIP security test provides an assessment of the configuration and security of the system, and determines if the corporate voice and data networks have been appropriately segmented. War Dialling is an exploratory black box service whereby attempts are made, using only a list of the organisation’s telephone numbers as a starting point, to gain access to the internal network.
Regardless of the time and money spent on protecting your data with the latest security technology, it is the people and processes within an organisation that can often be the weakest link. Our external and onsite social engineering exercises will allow you to establish where the vulnerabilities lie and will highlight how improving your peoples’ reaction to such attempts will protect your information.