CREST Certified
Entrusting your IT systems and sensitive data to a stranger for pen testing can be a risky business. Chess is certified by The Council for Registered Ethical Security Testers (CREST), a non-profit organisation which aims to bring high quality and consistency to the global technical cyber security sector. CREST provides internationally recognised accreditations for organisations and individuals providing penetration testing services, ensuring you’re in safe hands, and that you can expect the very best from your penetration tester.
Types of penetration testing
External Penetration Test
Replicating a real-life attack from an external position and targeting everything Internet-facing, using a fully automated approach.
The penetration tester will focus on identifying network vulnerabilities, including issues with network services and hosts, devices, web, mail and FTP servers.
Internal Penetration Test
Aiming to identify and exploit internal vulnerabilities. These are unique to each individual organisation, so the test is tailored to your specific requirements.
This type of test requires access to your internal network, provided by you or by exploiting a compromised system.
Social Engineering
Manipulating people into leaking sensitive information or providing unwarranted access is social engineering.
The penetration tester will research the company and its people to gain trust. They may attempt physical infiltration and also use email, social media and calls.
Vulnerability Testing
A Vulnerability Assessment gives you an understanding of your security posture. It's a quick, cost-effective way to identify and focus on areas that can be fixed easily. Bigger organisations often opt to perform a Vulnerability Assessment at least every quarter.
Red Team Engagement
A more advanced version of a penetration test, often involving multiple testers carrying out a targeted attack with a single objective and aiming to go completely unnoticed.
During the test there is an immediate Blue Team (Response) to stop a Red Team (Attackers) in their tracks.
Black-Box Testing
A high-level assessment that focuses on the behaviour of the software. Black-box testing can be applied to virtually every level of software testing: unit, integration, system, and acceptance.
It involves testing from an external or end-user perspective.
White-Box Testing
Checking the internal functioning of the system, based on coverage of code statements, branches, paths or conditions. White-box testing is considered low-level testing.
The white-box testing method assumes that the path of the logic in a unit or program is known.
The Six Stages of Penetration Testing