Penetration testing
Our remote (often referred to as external) penetration testing services are based on 5 years of evolution. Working to a strict methodology (updated daily), digineo consultants test your publicly available services and perimeter defences with great care and precision.
Key features of our remote penetration testing include:
Full manual web application testing
Commonly used web application scanner tools are only useful for detecting known vulnerabilities in known applications. Manual testing enables our consultants to identify flaws in your bespoke applications. Using the same techniques as malicious attackers, we can detect common vulnerabilities, such as:
- SQL injection
- Cross-site scripting
- Weak session management
- Improper encryption
- Poor input validation
No impact on service availability
Testing is typically performed on live, mission-critical systems. Our tests are designed to "tread lightly" and cause no noticeable disruption to your clients and internal operations. Denial of Service testing is not performed (unless specifically requested), as in most cases these issues can be identified without actual exploitation.
Maximum depth investigation
Testing doesn't stop at your perimeter services. If issues that could allow access to your internal resources are discovered, testing will continue to the maximum depth possible. In some cases this could be as far as internal client desktops.
All services tested
If a service is accessible, it's tested, with no exceptions. Many penetration tests concentrate on the commonly exploited services, such as web and email. At digineo we believe that all services represent a potential threat and should therefore be tested as such.
Public information source examination
In addition to examining your perimeter network, we will also scour the Internet for any publicly available information. This could be something as simple as the presence of a contact telephone number in a domain whois record. We will also search Usenet newsgroups for any postings by technical staff that may reveal information regarding technologies in use at your organisation.