Security Testing and Penetration Testing Services
Reaction Information Security provide end-to-end penetration testing services covering all types of systems, networks, databases and applications. The services we can offer include:
- Internal/external network penetration testing
- Wireless security testing
- Web application penetration testing
- Security build reviews
- Firewall penetration testing
- Social engineering
- Security code review
- CHECK penetration testing
- Database Security Assessment
- VoIP Penetration Testing
Network Penetration Testing Services
ReactionIS test all types of networks including external, internal, DMZ and wireless. We commonly see vulnerabilities of the following types: default login accounts or weak passwords, buffer overflows and format string attacks, vulnerable web server software, insecure database services, weak remote administration services, unencrypted network services, vulnerable network services and potential for Denial of Service attacks.
Web Application Testing Services
Web application penetration testing ensures that your websites and web applications are protected from hackers and malicious users. Our web application penetration testing methodology is broadly aligned with the OWASP (Open Web Application Security Project) methodology, and we commonly find security flaws in web applications including SQL injection, Cross-Site Scripting, broken authentication and session management, insecure encryption implementation and potentially dangerous redirects and forwards, amongst others.
Security Build Review
Security build reviews aim to identify weaknesses in the setup and configuration of a host which might not otherwise be detected from a network-level examination. The consultant uses allocated credentials to interrogate the host from a logged-in perspective, and we frequently find security vulnerabilities in the following areas: file permissions, weak user accounts, registry settings, patches and update mechanisms, vulnerable installed software, and logging and auditing, amongst others.
Firewall Testing Services
Firewall rulebase reviews allow the consultant to analyse traffic flows through the firewall to key network areas and hosts. At worst, a misconfigured firewall could allow unauthorised access into the corporate network. Firewall reviews often uncover unencrypted communications protocols in use, obsolete rules, conflicting rules, inappropriate rules and insufficient rule documentation, all of which could lead to unauthorised access. We also perform black box testing on firewalls to assess firewall restrictions from the perspective of an anonymous user.
Social Engineering Exercises
We commonly carry out social engineering tests for our clients and often uncover weaknesses in defences when using the human approach. We offer trojan USB stick scattering exercises, email phishing attacks, information gathering, information extraction using anonymous phone call enquiries and physical security audits.
VoIP Penetration Testing
VoIP (Voice over IP) and Internet telephony have redefined communications services in the enterprise, and are now in widespread use due to their low costs and bandwidth efficiency. However, VoIP introduces risks that have been prevalent since its inception, and often only in-depth penetration testing can reveal them.