
Penetration Testing

Cybersecurity testing from CREST certified experts.


% of data breaches are caused by cyber attacks

Chess is certified by The Council for Registered Ethical Security Testers (CREST)

More than 2/3 of respondents expect the time to identify and contain a data breach to increase. (2020 Cost of a Data Breach Report)

Discover your vulnerabilities before the hackers do

With people working from home, from offices, or a combination of both, security has often been left as an afterthought.

Hackers are taking advantage of newly created vulnerabilities in the system, with huge increases in the number of attacks reported.

Penetration Testing is a deep dive into your network's security, designed to discover areas of concern and highlight where improvements could be made in infrastructure, procedures and policies.


CREST Certified 

Entrusting your IT systems and sensitive data to a stranger for pen testing can be a risky business. Chess is certified by The Council for Registered Ethical Security Testers (CREST), a non-profit organisation which aims to bring high quality and consistency to the global technical cyber security sector. CREST provides internationally recognised accreditations for organisations and individuals providing penetration testing services, ensuring you’re in safe hands, and that you can expect the very best from your penetration tester.

Types of penetration testing

External Penetration Test

Replicates a real-life attack, targeting everything Internet-facing. It takes an external approach and is fully automated.

The penetration tester will focus on identifying network vulnerabilities, including issues with network services and hosts, devices, web, mail and FTP servers.

Internal Penetration Test

Aims to identify and exploit internal vulnerabilities. These are unique to each individual organisation, so the test is tailored to your specific requirements.

This type of test requires access to your internal network, provided by you or by exploiting a compromised system.

Social Engineering

Manipulating people into leaking sensitive information or providing unwarranted access is social engineering.

The penetration tester will research the company and its people to gain trust. They may attempt physical infiltration and also use email, social media and calls.

Vulnerability Testing

A Vulnerability Assessment gives you an understanding of your security posture. It is a quick, cost-effective way to identify and focus on areas that can be fixed easily. Bigger organisations often opt to perform a Vulnerability Assessment at least every quarter.

Red Team Engagement

A more advanced version of a penetration test, often involving multiple testers carrying out a targeted attack with a single objective and aiming to be completely unnoticeable.

During the test, a Blue Team (Response) responds immediately to stop the Red Team (Attackers) in their tracks.

Black-Box Testing

A high-level assessment that focuses on the behaviour of the software. Black-box testing can be applied to virtually every level of software testing: unit, integration, system, and acceptance.

It involves testing from an external or end-user perspective.

White-Box Testing

Checks the internal functioning of the system, based on coverage of code statements, branches, paths or conditions. White-box testing is considered low-level testing.

The white-box testing method assumes that the path of the logic in a unit or program is known.

The Six Stages of Penetration Testing

1. Determining the reasons you need a penetration test, and documenting the process you are going to use. Understand your drivers and motivations for requiring a penetration test. Is it regulatory compliance? Or the fact that your business holds commercially sensitive intellectual property? Your motivations will influence the scope of your pen test.
2. Researching the network and establishing what details and data can be found. Your pen tester will review and gather information on the system or systems where entry points might exist and how they could be accessed. These will include elements such as employees, IP addresses, email addresses, websites, social media and other network-based systems.
3. Using various tools and techniques to identify potential vulnerabilities, gateways and vectors into the network. Commonly, pen testers use a mix of automated and manual tools to examine attack avenues and find network vulnerabilities.
4. Attempting to penetrate the network defences and (if in scope) gain control over a target system. The aim, having first gained access to the network, is to see how far the attack can go, establishing administrative privileges where possible and then using them to effect lateral movement to other systems.
5. Having completed the exploitation phase, the pen tester will create a penetration test report which includes findings on the vulnerabilities discovered, the full extent of access that was gained, detail of systems that were breached, changes (if any) that could be made and a set of recommended remediation actions.
6. If required, your penetration tester may provide consultancy services to reduce or fix any vulnerabilities found and improve overall security. It’s also worth saying that your pen testing provider will ideally offer a social engineering test, such as a phishing exercise. The human security interface is always a difficult area because internal employees may unwittingly be duped into giving hackers security information or may click on bogus links.

Most common cyber vulnerabilities

Read our whitepaper 12 Common Vulnerabilities Found During Penetration Testing to learn about the sorts of vulnerabilities that you might unknowingly be allowing on your network and to prepare your team for the results your penetration tester might uncover.

Useful Resources

Data Sheet

Cybersecurity Pen Testing

Webinar

Securing Remote Workers

Guide

Remote Access Penetration Tests


Speak to a Product Specialist

Sales
To contact our Sales team directly, please call 0344 770 6000 and choose option 4.
Customer Service
For general queries or to report a non-urgent fault, please log a ticket on our customer portal using the email address associated with your account. Logging a ticket is quick and easy to do. Once you have logged your ticket, we will respond within 24 hours or your Service Level Agreement, whichever is quicker.