Penetration Testing

Find your Vulnerabilities before the real Threat Actors Do

Penetration Testing takes 2 forms; Physical Penetration Testing and Cyber Penetration Testing.  Often referred to as Pen Tests they both ultimately improve security by conducting authorised simulated attacks used to identify weaknesses and vulnerabilities in an organisations security.  Once identified, these vulnerabilities can by remediated to avoid them being exploited by hostile threat actors.

Cyber Penetration Testing

Cyber Pen Tests are essential to effective cyber security and involves an individual or a team using the same tools available to hostile threat actors to actively probe and attack a System or systems.

Cyber Pen Tests are conducted under strict, pre-approved conditions designed to protect the Confidentiality, Availability and Integrity (CIA) or business information whilst still enabling an effective test.

In all forms of Pen Testing, but particularly in Cyber Pen Testing, the test only represents a moment in time.  As soon as a System is updated, new vulnerabilities may be introduced.  This is why software is used to conduct continual vulnerability assessments.  More service providers now also offer Cyber Pen Testing as a continual service which may suit your needs.  More specific, individual Cyber Pen Tests are often used to test new or sensitive systems as a more focused attack is simulated.

Physical Penetration Testing

Physical Penetration Testing (PPT) is the practice of assessing the effectiveness of an Organisation’s physical security processes, practices and procedures in offices and facilities by the assessment of physical resilience to external and internal threats.

PPTs are conducted by professionals who will use a variety of techniques ranging from Social Engineering and Open Source Intelligence (OSInt) gathering to lock picking and overcoming barriers and obstacles through both overt and covert means.

The activities and constraints of a PPT are clearly defined prior to the PPT taking place.  PPTs may only be carried out with the written authorisation of site owners or custodians in the form of a Letter of Authority which stipulates the scope, limitations and constraints of the PPT which the Pen Tester must abide by at all times.

Once complete a Client Report will be produced that will inform the Client of the vulnerabilities identified during the PPT and any exploitation that took place.  This will allow the Client to review their physical security measures and improve site security if appropriate rectification actions are taken.

Pera Prometheus uses highly skilled and experienced personnel who are specially selected to conduct PPT in a manner that will not disrupt your Business