Security Testing Services | Cyber Security Services
Detect.
Security Testing
Identify vulnerabilities within your environment with CyberLab’s security testing services.
Vulnerabilities within your environment provide an easy point of entry for attackers. By proactively identifying weak points in your defences, you are able to prioritise key security issues and defend against emerging threats more effectively.
Our team of CREST, CHECK, and Cyber Scheme certified experts are here to identify vulnerabilities across your network, processes, devices, and applications before threat actors do, so you can act to reinforce your defences.
Test Your Defences to Identify and Mitigate Vulnerabilities
Our testing services can be adapted to any system, network, or application and defend against a wide range of threats and potential vulnerabilities.
Penetration Testing
Internal Infrastructure Penetration Testing
Penetration testing to identify and exploit vulnerabilities through your internal network.
External Infrastructure Penetration Testing
Replicating a real-life attack to identify network vulnerabilities, including issues with network services and hosts, devices, web, mail, and FTP servers.
IT Health Check
A CHECK-approved Government IT Health Check (ITHC) is a penetration test audited by the NCSC (National Cyber Security Centre).
Vulnerability Assessments
Automated internal and external network and device vulnerability assessments.
Website & Application Security Testing
Penetration testing services for any application type, language, or environment, following the OWASP methodology for application vulnerabilities and weaknesses.
Red Teaming
An advanced type of penetration testing that simulates a real-world attack to access sensitive data or systems.
Social Engineering
Often the easiest way to breach a company or network is not by hacking a website but by tricking employees to gain access to systems or a building.
Build Reviews
We will manually review your systems, apps, or databases against industry benchmarks to identify vulnerabilities.
Targeted Attack & Scenario Simulations
Red Teaming
An advanced type of penetration testing that simulates a real-world attack to access sensitive data or systems.
Phishing Simulation
Test your staff’s awareness of electronic phishing email campaigns in a safe and constructive manner, teaching them what to look out for.
Social Engineering
Often the easiest way to breach a company or network is not by hacking a website but by tricking employees to gain access to systems or a building.
Compliance Testing
PCI DSS Testing
Requirement 11.3 of the PCI DSS standard requires penetration testing to be conducted on both external and internal systems.
ISO 27001 Testing
Control A.12.6.1 of Annex A of the ISO 27001:2013 standard requires that penetration testing or vulnerability assessments be conducted.
PSN IT Health Check
The Public Sector Networks Code of Connection (PSN CoCo) requires annual IT Health Checks to be conducted and submitted for compliance.
Network Security Testing
Network Security Reviews
A manual review of the running configuration of the device itself to identify any security configuration issues.
Wireless Security Testing
Security testing and configuration reviews of wireless networks, access points, controllers, and devices against industry best security practices.
VLAN Hopping
Test the separation between less sensitive networks, such as the internal corporate network, and more sensitive networks, such as cardholder data environments.
Traffic Sniffing
Capture traffic and analyse the captured information to ensure that the encryption of data in transit is working as it should be.
Specialist Testing
VoIP Security Testing
Identify whether your video conference units or telephones can be used to connect to and compromise the internal corporate network.
IoT Security Testing
Ensure your IoT devices, or the software used to control the hardware, are not vulnerable to security weaknesses that could be exploited to obtain data.
Lost Device Testing
Security testing against lost devices, including an encryption review, a physical review, and a device review.
12 Common Vulnerabilities Found During Penetration Testing
Read 12 Common Vulnerabilities Found During Penetration Testing to:
- Help you make a business case for penetration testing
- Learn more about the sorts of vulnerabilities that you might unknowingly be allowing on your network
- Prepare your team for the sorts of results your penetration tester might uncover
Penetration Testing: The Cyberlab Approach
The way we structure our Red Team engagements aligns closely with the steps taken by bad actors to target and compromise your systems. We replicate the approach of real-world adversaries to simulate and evaluate how your systems and processes respond to a cyber attack.
A CREST, CHECK and Cyber Scheme certified consultant will work with you to define the scope of the engagement and ensure that our tests will fulfil your requirements.
Your assigned consultant will gather information on your organisation, including:
- IP addresses of websites and MX records
- Details of e-mail addresses
- Social networks
- People search
- Job search websites
This information will assist in identifying and exploiting any vulnerabilities or weaknesses.
Within the Threat Analysis stage we will identify a range of potential vulnerabilities within your target systems, which will typically involve a specialist engineer examining:
- Attack avenues, vectors, and threat agents
- Results from Research, Reconnaissance and Enumeration
- Technical system/network/application vulnerabilities
We will leverage automated tools and manual testing techniques at this stage.
Once we have identified vulnerabilities, we will attempt to exploit them in order to gain entry to the targeted system.
There are three phases to this stage:
- Exploit – use vulnerabilities to gain access to a system, e.g. inject commands into an application that provide control over the target.
- Escalate – attempt to use the exploited control over the target to increase access or escalate privileges to obtain further rights to the system, such as admin privileges.
- Advance – attempt to move from the target system across the infrastructure to find other vulnerable systems (lateral movement), potentially using escalated privileges from target systems and attempting to gain further escalated privileges and access to the network.
Your Cyberlab Penetration Test Report will detail any identified threats or vulnerabilities, as well as our recommended remedial actions. Threats and vulnerabilities will be ranked in order of importance.
The report will also contain an executive summary and attack narrative which will explain the technical risks in business terms. Where required, we can arrange for your Cyberlab engineer to present the report to the key stakeholders within your organisation.
The report will provide information on remedial actions required to reduce the threats and vulnerabilities that have been identified.
At this stage, we can provide you with the additional consultancy, products, and services to further improve your security posture.
Bespoke Testing Services
Cyberlab specialises in creating bespoke testing plans for organisations of all sizes, across any industry.
Our team of expert penetration testers will listen to your security concerns, build a picture of your IT ecosystem, and consider your future plans to create a testing plan around your organisational requirements to regularly assess the defences around your key systems, applications, and infrastructure.
CREST, CHECK & Cyber Scheme Certified
CREST (the Council of Registered Ethical Security Testers) is an international accreditation with strict Codes of Conduct and Ethics. CHECK is the Government-backed accreditation from the National Cyber Security Centre (NCSC) which certifies that a company can conduct authorised penetration tests of public sector systems and networks.
All our penetration testers are certified by CREST, with senior consultants certified by CREST to the highest CCT Level. Our testers are also either CHECK Team Leaders (CTLs) or Team Members (CTMs).
Our team have decades of combined experience and take pride in operating at the highest level of the industry – conducting a broad range of government and commercial tests – and always aim to go the extra mile.
Our team specialise in creating bespoke security solutions and testing packages to improve and maintain your security posture.
We are 100% vendor agnostic and will only ever recommend the best products and solutions for your requirements.