Penetration Testing Services

ReactionIS offer the full range of penetration testing services including network and web application penetration testing.

Get in touch >

Penetration Testing Services

Reaction Information Security provide end-to-end penetration testing services covering all types of systems, networks, databases and applications. The services we can offer include:

Network Penetration Testing Services

Reaction test all types of networks including external, internal, DMZ and wireless. ReactionIS test for commonly seen vulnerabilities including default login accounts or weak passwords, buffer overflows and format string attacks, vulnerable web server software, insecure database services, weak remote administration services, unencrypted network services, vulnerable network services and potential Denial of Service attacks.

Web Application Testing Services

Web application penetration testing ensures that your websites and web applications are protected from hackers and malicous users. Our web application penetration testing methodology is broadly aligned with the OWASP (Open Web Application Security Project) methodology and we commonly find security flaws in web applications including SQL injection, Cross-Site Scripting, broken authentication and session management, insecure encryption implementation and potentially dangerous redirects and forwards amongst others.

Security Build Review Penetration Testing Services

Security build reviews aim to identify weaknesses in the setup and configuration of a host which might not otherwise be detected from a network level examination. The consultant uses allocated credentials to interrogate the host from a logged in perspective and we frequently find security vulnerabilities in the following areas - file permissions, weak user accounts, registry settings, patches and update mechanisms, vulnerable installed software and logging and auditing amongst others.

Firewall Testing Services

Firewall rulebase reviews allow the consultant to analyse traffic flows through the firewall to key network areas and hosts. At worst, a mis-configured firewall could allow unauthorised access into the corporate network. Firewall reviews often uncover unencrypted communications protocols in use, obsolete rules, conflicting rules, inappropriate rules and insufficient rule documentation all of which could lead to unauthorised access.

Social Engineering Exercises

ReactionIS are increasingly carrying out social engineering tests for clients and uncovering important findings. We offer trojan USB stick scattering exercises, email phishing attacks, information gathering, information extraction using anonymous phone call enquiries and physical security audits.