Penetration Testing

Increasing Your Cyber Effectiveness, Decreasing Your Cyber Expenditure

A Full-Suite Penetration Test imitates attackers from multiple avenues. From a technical aspect: this includes from the perspective of an internal attacker or disgruntled employee, an external attacker attempting to breach the perimeter from the internet, or an attacker attempting to exploit coding weaknesses in Web Applications to access backend databases. Non-technical penetration testing includes attempting to trick staff through fraudulent emails, call impersonations, or onsite impersonations attacks to breach physical security.

This test inspects technological weaknesses and also weaknesses in people that could be used to disrupt the confidentiality, availability or integrity of the network, effectively allowing the organisation to address each weakness with confidence.

The strongest technical security infrastructure don’t matter if a susceptible employee clicks on a fraudulent email which installs malware erasing all customer information, or if an attacker can physically walk into a business and deploy hacking software. In order to get the most thorough understanding of the attack surface of a business, it is recommended to perform full-suite penetration testing services.

CTRL Group’s list of penetration tests includes Web Application Testing, Internal Testing, External Testing, Mobile Application Testing, API Testing, Operational Technology Testing and Social Engineering.
Why Is This Important

Provide an organization a deep understanding of the maximum attack surface possible.
Enable an organization to measure its security maturity accurately.
Provide an assurance to executive board and stakeholders that controls are in place to determine and address security risks.

FAQ’s

How long does it take to complete a test?

A full-suite penetration test takes up to one month which includes Web Application Penetration Testing, External Perimeter Testing, Internal Testing, Phishing Attacks, Phone Attacks and Onsite Attacks. You may elect to Penetration Test only a specific business component which will reduce the time taken to complete.

What information will I need to provide to define the scope of the engagement?

The information required will depend on which type of penetration test is being executed. For technical testing, a technical staff person being presesnt during a scoping meeting will be highly advantageous. A technical staff person is not required for Phone Attacks or Onsite Attacks.

What is the level of involvement and support required from my team?

Approximately 30 minutes for a scoping meeting. Involvement which may be required during testing will depend on the type of testing which is being executed.

How is my data handled?

Penetration Testing data is stored on AES 256 bit encrypted media. No data is held outside of Australia and is securely removed within 90 days of testing.

How are the test results delivered?

Secure links are provided to download the files. The files are encrypted with a password which is SMS'd to you to unlock. The secure links also expire within 7 days.