Penetration Testing Leeds


Penetration Testing

CISSP

Malicious hacking leads to loss of data and a company's website is often the
first port of call. This can then be a stepping stone to internal systems.

The risk of unauthorised people gaining access to client account information, corporate data or admin access to servers cannot simply be measured in terms of monetary value, although the maximum fine by the Information Commissioner's Office has recently been raised to £500,000 for data losses! It's also the risk of loss of reputation and reliability that can have the greatest affect on an organisation.

Let YACC Labs audit your site before an unauthorised person does!

Computer security is a fast moving and ever changing field. As such, regular Penetration Testing of your web sites and network infrastructure are crucial in helping protect your IT systems from external threats, data loss and client confidentiality breaches. Not only does this maintain high compliance and governance standards, it will prevent your organisation from becoming another negative statistic.

As well as protecting your organisation's reputation and assets, regular audits can improve the quality of your IT systems. Early detection and diagnosis will lead to benefits and cost savings.

Main areas we cover:

  • - Web Site Security Testing - Using the same tools that real world hackers use, we will actively scan and test your web site looking for vulnerabilities that will provide a would-be attacker with the information and means they need to access your systems and data.
  • - Network Security Audit - We audit the network infrastructure, both internally and from the internet, to identify and explore any areas of risk, such as open ports or unnecessary services, that could pose a security risk.
  • - Remote Access Review - If your organisation provides remote access services to its staff, we can review the systems in place to ensure they are safe.

 

We will cover areas of risk such as unnecessary open ports, login pages and document repositories, looking for common attack vectors including SQL Injection, cross-site scripting and other forms of information leakage that could provide a would-be attacker with the method and details they need to access your systems.

Running tools alone will not ensure security is maintained. That is why we also manually verify any results obtained from tools as well as undertaking manual tests and checks. If a vulnerability is found, we will always confirm with the client first before we try to actively exploit the issue- sometimes just knowing the problem is there is enough to ensure that a fix is issued without delay. However, it is always great fun when we do get the go-ahead to exploit as hard as we can!

All audits are followed up with a detailed report, listing any issues found together with suggested remedial action. We feel it is also very important to highlight positive outcomes as well - sites with little or no risk should be celebrated!

Think of us as an ethical hacker
Our extensive training enables us to think like a hacker and use the tools and methods they do, but we do this for positive reasons.

- Benefit from our expertise
Combining our security skills with our network & software development experience. If there is a chink in your armour we will find and exploit it!

- Be confident in our ability
Our auditors are fully trained to CISSP accreditation and regularly attend SANS Institute conferences. We also follow regular podcasts and webinars by leading experts in the field, to ensure we are fully up to date with current tricks and techniques.

- Benefit from the lessons learned from other people's mistakes
We often get called into help after break-ins have occurred. We bring the benefit of hindsight with us.

We regularly provide our audit services to many Public and Private sector organisations, including healthcare, finance, insurance companies and on-line retailers.

Contact us today for a no-obligation chat to discuss carrying out a Penetration Test for you or for any areas where we can help you ensure the security of all your IT systems.

Download further information regarding our Security Services and a copy of our Audit Methodology here:

YACC Labs Security Services YACC Labs Security Services
YACC Labs Audit Methodology YACC Labs Security Services