DI Security

Penetration Testing

During a penetration test, we will assess your applications or infrastructure for any vulnerabilities that could be used by an attacker to infiltrate your company or put your customers at risk. We follow industry-standard methodologies such as OSSTMM and NIST 800-15, as well as our in-house methodology based on the hundreds of penetration tests we’ve performed in the past.

Penetration testing comes in different types: white box, grey box or black box. These describe how much knowledge we’re given during the assessment or even before the assessment begins. This may sound confusing, but our expert consultants will help you decide which is best for you.

Our consultants have a knack for looking for vulnerabilities in all kinds of applications – many of which may be using technologies never seen before. The Digital Interruption consultants were some of the first to find vulnerabilities in Virtual Reality applications and Android Wear.

Our team has extensive experience in all common languages such as Java, C#, Ruby, PHP and JavaScript, and web frameworks such as Struts, ASP.NET, RoR and NodeJS; however, as we understand security, we can apply our expertise to even the most obscure technology.

By taking a general approach to security, we’ll teach you not only how specific vulnerabilities work (such as SQL Injection and Authentication Bypasses), but how to understand the wider classes of bugs. This will allow you to keep breaking and exploiting software even as the technology changes.

This course is for anyone who is interested in web application security, from would-be penetration testers to software developers looking to understand how real attacks occur.

Mobile is big business and is increasingly becoming the primary way customers interact with applications. You and your customers need the same level of protection whether on a web app or mobile app, and we can help you deliver that.

We test both Android and iOS, with experience in testing FinTech and banking apps. We’re experts in secure mobile development; check out our popular white paper on secure mobile development here.

We follow industry standards specific to mobile application testing, including the OWASP Mobile Top 10, to test that your mobile applications are safe from attack scenarios such as lost or stolen devices, malware, attackers targeting your users or attackers using the app to learn about your environment.

With the GDPR now in force and several big breaches hitting the headlines, infrastructure security has never been more scrutinised. If your infrastructure is compromised, the breach could cause you major issues.

Infrastructure attacks could take your business offline, release business-sensitive information or compromise the personal data of your customers.

With experience in network testing for big banks and governments, our Offensive Security certified testers can help you protect your network, identifying vulnerabilities and weaknesses that may put your business at risk.

Security awareness is key to keeping your organisation safe from social engineering attacks such as phishing. Even if you feel confident that your employees are trained to deal with the kind of attacks used when attempting to obtain sensitive information such as usernames, passwords and credit card details, you may want to test this from time to time. 

Our consultants will simulate realistic phishing campaigns, mirroring the latest techniques employed by attackers when they attempt to penetrate an organisation with phishing emails.
 
There are no bad results from a phishing simulation. The results will either tell you that your security awareness training is up to date and working well or it will identify any gaps you need to fill and areas you need to focus on. 

Security awareness isn’t just about phishing attacks, and many organisations overlook their physical security. Things like laptop theft, unlocked terminals, tailgating and unsecured server rooms can cause huge security vulnerabilities that firewalls and secure coding can’t protect against.

Through physical penetration tests our consultants have gained access to sensitive information, networks and intellectual property via unauthorised access to places of work. 

Mimicking attackers, we’ll use a number of social engineering techniques to test the boundaries of both your physical and human security to provide you with a realistic assessment of your security weaknesses. 

Red Team Simulation uses several techniques to simulate a large-scale offensive campaign against an organisation. This will include attacks on the organisation’s technology, network, employees and places of work.

This simulation will help you understand all aspects of your organisation’s security, testing how you detect attacks and whether your defences are robust enough to cope with the attacks that are affecting organisations today.

Red Team Simulations are an investment, both in terms of time and cost, as they can take months to set up and often need multiple consultants involved. To be effective they must be kept completely confidential: if employees know a simulation is in progress, they won’t behave in the same way as they would during an unexpected attempt by an attacker.

Code review is an effective technique for identifying security flaws. It can be used alongside automated and manual security testing and, in some cases, as a standalone technique to ensure the security of your applications.

As former developers, our technical consultants have many years’ experience in reviewing source code and uncovering security vulnerabilities.

When working in an Agile environment, code review can be one of the most cost-effective ways of embedding security into your development process, demonstrating security by design and instilling good practice within your development teams.