Digital Interruption

Penetration Testing

During a penetration test, we will assess your applications or infrastructure for any vulnerabilities that could be used by an attacker to infiltrate your company or put your customers at risk. We follow industry-standard methodologies such as OSSTMM and NIST 800-15 as well as using our in-house methodology based on the hundreds of penetration tests we’ve performed in the past.

Penetration testing can come in different types – white box, grey box or black box. This describes how much knowledge we’re given during the assessment or even before the assessment begins. This may sound confusing but our expert consultants will help you decide which is best for you.

Our consultants have a knack for looking for vulnerabilities in all kinds of applications – many of which may be using technologies never seen before. The Digital Interruption consultants were some of the first to find vulnerabilities in Virtual Reality applications and Android Wear.

Web applications are how most users expect to interact with a company and they need to be sure their data is secure. Our team of experienced ethical hackers use the same skills and techniques as real world attackers to help secure your business.

All our penetration testers also have professional experience writing web applications, allowing us to really understand what is going on under the hood. We follow industry standards specific to mobile application testing including the OWASP top ten, OSSTMM and NIST 800-15 as well as using our in-house methodology based on the hundreds of penetration tests we’ve performed in the past.

Our team has extensive experience in all common languages, such as Java, C#, Ruby, PHP, ASP.NET and JavaScript, as well as web frameworks such as Struts, Ruby on Rails, and NodeJS. However, as we understand security, we can apply our expertise to even the most obscure technology.

Mobile is big business and increasingly becoming the primary way customers interact with applications. You and your customers need the same level of protection whether on a web app or mobile app and we can help you deliver that.

We test both Android and iOS with experience in testing FinTech and banking apps. We’re experts in secure mobile development; check out our popular white paper on secure mobile development here.

We follow industry standards specific to mobile application testing including the OWASP mobile top 10 to test that your mobile applications are safe from attack scenarios such as lost or stolen devices, malware, attackers targeting your users or attackers using the app to learn about your environment.

With the GDPR now in force and several big breaches hitting the headlines, infrastructure security has never been more scrutinised. If compromised, a breach could cause you major issues.  

Infrastructure attacks could take your business off-line, release business sensitive information or compromise the personal data of your customers.

With experience in network testing for big banks and governments, our Offensive Security certified testers can help you protect your network, identifying vulnerabilities and weaknesses that may put your business at risk.

Security awareness is key to keeping your organisation safe from social engineering attacks such as phishing. Even if you feel confident that your employees are trained to deal with the kind of attacks used when attempting to obtain sensitive information such as usernames, passwords and credit card details, you may want to test this from time to time. 

Our consultants will simulate realistic phishing campaigns, mirroring the latest techniques employed by attackers when they attempt to penetrate an organisation with phishing emails.

There are no bad results from a phishing simulation. The results will either tell you that your security awareness training is up to date and working well or it will identify any gaps you need to fill and areas you need to focus on. 

Security awareness isn’t just about phishing attacks and many organisations overlook their physical security. Things like laptop theft, unlocked terminals, tailgating and secure server rooms can cause huge security vulnerabilities that firewalls and secure coding can’t protect against. 

Through physical penetration tests our consultants have gained access to sensitive information, networks and intellectual property via unauthorised access to places of work. 

Mimicking attackers, we’ll use a number of social engineering techniques to test the boundaries of both your physical and human security to provide you with a realistic assessment of your security weaknesses. 

Red Team Simulation uses several techniques to emulate a large scale offensive campaign against an organisation. This will include attacks on the organisation’s technology, network, employees, and places of work.

This simulation will help you understand all aspects of your organisation’s security, testing how you detect attacks, and if your defensive mechanisms are robust enough to cope with the type of attacks that are affecting organisations today.

Red Team Simulations are an investment, both in terms of time and cost. They can take weeks or months to set up, and often require multiple consultants. To be effective, they must be kept completely confidential; if employees know that the attack is in progress, they won’t respond in the same way as they would to an unexpected attempt by a malicious actor.

Code review is an effective technique for identifying security flaws. It can be used alongside automated and manual security testing and in some cases as a standalone technique to ensure the security of your applications.

As former developers, our technical consultants have many years’ experience in reviewing source code and uncovering security vulnerabilities.

When working in an Agile environment, code review can be one of the most cost-effective ways of embedding security into your development process, demonstrating security by design and instilling good practice within your development teams.