Practice Resilience

Protecting Your System

Testing Your System

Penetration Testing mimics the actions of a real hacker attempting to gain access to your computer systems in a controlled manner. Penetration testing (pentesting) highlights which of your systems are effective in stopping hackers and which are not, providing detailed remediation advice on how to correct or mitigate the issues.

This information is critical for PCI Compliance, periodic security testing, change management and pre-purchase due diligence. Using sophisticated tools and extensive security experience, our consultants utilise brute force credential discovery, smart exploitation, password enumeration and Web application scanning as part of their testing.

A penetration test mimics the actions of an actual attacker, exploiting possible weaknesses in your network security, without the usual dangers. Reporting is provided at two levels:

  • The Executive Overview summarises and articulates technical vulnerabilities in terms of business risk and priority.
  • The Technical Report provides an analysis of vulnerabilities with detailed remediation steps listed to secure your systems.

Our security experts have decades of experience in IT systems and securing computing environments.

Our documented security testing programs can include:

  • Load Testing of Websites and Applications, Infrastructure
  • Denial of Service (DOS) Testing
  • Compliance Testing
  • Active Directory Assessment

  • Automated Remediation and Patch Management
  • Database Vulnerabilty Testing
  • Wireless Scanning and Injection Testing
  • Specialised Virtual Environment Testing

Our methodology

Our security experts have performed thousands of Penetration Tests and Vulnerability Assessments. This is the process we follow when testing our systems.

1. Defining your requirements

We sit with you and discuss your needs, business objectives, review relevant documentation and prior test results. This provides you and our consultant a clear picture of the scope of the project, objectives, rules of engagement and any possible limitations.

2. Reconnaissance of your systems

Vulnerability Assessment is the first step in performing the Pentest. We also use targeted tools that look for particular parts of systems to aid in the assessment phase.

We perform a series of active and passive tests to produce a map of your system. The goal is to identify vulnerabilities by locating entry points into your system. With this we map out potential attack vectors.

3. Design of test attacks

Based on what we found in step two a series of tailored test cases and attack algorithms are developed. This stage is complex and time-consuming; however our experience enables fast identification of weak points and gaps.

4. Testing your system

A series of semi-automatic and manual tests are carried out on your system. The outcome of each test is validated and reviewed. Depending on the results test plans may be modified.

5. Assessing the results

The vulnerabilities are examined and measured. Findings are then assigned a risk rating within the context of your environment.

6. Reporting and technical workshop

A comprehensive report explaining the primary vulnerabilities and their possible impact is prepared. We then conduct a technical workshop laying out the vulnerabilities found and the remediation steps needed to secure the systems.

Contact JurisIT now on 02 9252 5775
to secure your firm.