Penetration Testing Services

What is penetration testing?

Penetration testing services (also known as security health checks, vulnerability assessments or security audits) are designed to identify vulnerabilities and threats within the security armour of an organisation’s networks, information and communication services and applications, to prevent the threat of external attacks.

The value of penetration testing

The value of penetration testing is to provide evidence of any system weakness, and the extent to which it may be possible for unauthorised personnel to gain access to and / or even misuse information assets from a system’s boundary. Regular, unbiased penetration testing can assist in focusing security resources where they are needed most, and provide a baseline for remedial action, in order to constantly ensure an information protection strategy.

VEGA's penetration testing services

VEGA provides a comprehensive and independent penetration testing service, using a team of experienced and UK Government-accredited CLAS and CHECK penetration testers. VEGA experts continuously update their knowledge of the latest security vulnerabilities to ensure their advice is as current as possible. The scope of services include:

CESG (CHECK) IT Health Checks – providing public sector clients with thorough and comprehensive penetration testing plans to UK Government accredited standards.
Embedded System Testing (inc. SCADA) – conducting security studies and examining architecture to meet the security challenges associated with autonomous embedded systems.
Intrusion Detection/Prevention System Testing (IDS/IPS) – providing operators with the opportunity to observe and understand the characteristics of hostile attacks within a controlled security assessment.
Mobile Device Testing – reducing risk and identifying threats affecting the confidentiality, integrity and availability of corporate data on mobile devices.
Network Infrastructure Testing – employing the appropriate tools and technologies to assess the level of network security required by the most complex of infrastructures.
Open Source Research – analysing an organisation’s presence on the Internet to create a comprehensive profile of its online security posture.
Remote Access Testing – identifying and preparing for the range of threats presented by traditional telephony systems as well as digital and IP networks.
Source Code and Binary Review - reviewing software coding in order to identify possible issues of poor programming practices and resulting vulnerabilities.
Standards and Compliance Review - assessing compliance of the target system or design to industrial, governmental or regulatory policies, procedures and standards.
Voice over IP (VoIP) Testing – considering the most appropriate approach to a deployed VoIP solution based on the business need, chosen architecture, and security environment.
Web Application Testing – understanding the inherent security threats of web applications, identifying weaknesses, and developing the appropriate security plans and policies.
Wireless Testing (WiFi) – determining the risks associated with incorrect WiFi configurations or unauthorised devices, and making recommendations for planned infrastructure.
Workstation and Laptop Testing – Identifying the risks of authorised and unauthorised users attacking systems to gain access to data or privileges for which they are not authorised.