Penetration Testing

Why you might need this service

Over the last decade, threat vectors previously encountered only by nation states have become increasingly common. Our Cynergy team has been mitigating and managing the risks from these attacks for organisations for many years, and as the threat landscape shifts, so too have the number of organisations requiring access to our seasoned and trusted security professionals.

Penetration testing helps to identify security vulnerabilities which might otherwise leave your company open to compromise.
Our team has a proven track record in finding such vulnerabilities in some of the most complex, and sophisticated IT environments.

Evaluate your organisation’s security maturity

Detect and remediate security threats

Meet monitoring necessities and avoid penalties

Protect your company reputation

Tests your team response capabilities

As part of our value we use a panel of expert penetration testers. Issues can sometimes arise from doing the same testing on the same items, using the same tools, however Cynergy Intelligence uses best business practice to regularly change penetration testers.

Our security testing services are designed to:

Improve business awareness and understanding of your cyber
security exposure to risk Identity and fix security vulnerabilities before they can be exploited by criminals
Support ISO 27001, PCI DSS, GDPR and PAS 499 ID and authentication compliance
Provide independent technical assurance of your security controls
Enable the prioritisation of security investments through actionable intelligence
Demonstrate a continuous commitment to security to your customers and partners

Discover Attack Surface – Identifying all your-exposed assets and their location.

Launch Relevant Attacks – Launch exploratory attacks in order to further understand the attack surface.

Attack Development and Execution – Once the results of the initial attacks are known, attacks are redefined and developed further.

Gain Foothold – Should they be successful, the attacker has gained a foothold and the attack will be developed further to gain firm access.

Controlled Exploration of Access – The attacker will take advantage of whatever access has been gained. This may be access to data and information, or the exploration of further attacks.

Reporting – A detailed penetration test report. Vulnerabilities and security flaws will be ranked in order of criticality using the open industry standard Common Vulnerability Scoring System
(CVSS) framework. This will detail all vulnerabilities and security flaws found and the recommended remediation.

Our approach to security testing is based upon an organisation’s requirements, and the required outcomes. Tests can be performed from the perspective of an external attacker with no knowledge of the target services or infrastructure, as an authenticated authorised user, or with comprehensive understanding of the service and its design.

Once the assessment is complete, the scope and objectives of the service will be documented including terms of reference. Stakeholders, and their roles, will be agreed, and submissions and outputs formalised.

The delivery of the service will include ensuring submissions are received on time, compiled into the appropriate packs and distributed to all attendees, with minutes and actions recorded, published and tracked.