Network Assessments &

Penetration Testing

Identify & Exploit Vulnerabilities. Simulate Attacks. Remediate and Protect Your Critical Network Assets with Network Penetration Testing.

Read the Guide
Book a Discovery Call

Penetration Testing provides advanced insights into how attackers are attempting to gain access to your networks

What is a Penetration Test?

Penetration testing is one of the fundamental cybersecurity services: if you aren’t conducting penetration tests now, we can help you change that.

A penetration test is a simulated attack on your external network, internal network, web or mobile applications, personnel or physical locations. A penetration test will enable you to identify your vulnerabilities, known exploits and give you a holistic and detailed view on avenues of attack and the approach an attacker might take when attempting to gain access to your data.

Why Our Clients Work With Us

100% Success Rate

On all of our penetration tests with exploitable vulnerabilities identified

Expertise

All of our consultants are certified: CEH, OWASP, Offensive Security

Cost Effective

Our cost structure ensures maximum efficiency with your spend

We Equip You With The Expertise to Test and Secure Your Network

Internal network penetration testing identifies and exploits internal vulnerabilities on your network through authenticated penetration testing. We will place our testers at a pre-defined location on your network, and attempt to perform scans, exploits and other activities in line with our pre-defined objectives. Internal network penetration testing simulates what an attacker might do if they are either a. an insider (already on your network) or b. have gained access to your network from an internal entry point.

External network penetration testing identifies and exploits external vulnerabilities by penetration testing your externally facing network. Your externally facing network is any network device that points directly to the internet. An external penetration test will simulate the path and methods an attacker might use to attempt to gain access to your network via the internet, by scanning and attempting to exploit vulnerabilities that they are able to see.

Web applications are among the easiest to attack. As such, web and mobile applications are commonly targeted by malicious threat actors. Through application penetration testing, static and dynamic testing will identify vulnerabilities in your web applications that could lead to unauthorized data exposure.

Social engineering exploits arguably the weakest link in any organization: its people. Social Engineering testing will identify vulnerabilities in your personnel, policies, procedures and test the effectiveness of your security awareness training. We use email, voice and even in-person methodologies to attempt to gain access to your target data by exploiting your personnel.

Wireless penetration testing identifies vulnerabilities on your wireless networks, both corporate and guest. Wireless network vulnerabilities can enable an attacker to monitor traffic, exploit vulnerabilities on connected devices and pivot to other network segments.

A malicious threat actor gaining physical access to a device can be instantly detrimental to an organization’s security. Through physical penetration testing you can identify, test and manage your physical points of possible cyber-attacks. Physical penetration testing requires personnel to be on site, and we usually operate in teams of at least 2.

penetration-testing

Read the blog: How often should I conduct a penetration test?

Read Now

What a Penetration Test Encompasses

Planning

Prior to any penetration test starting, we fully scope the test and identify Client objectives.

Discovery

This phase is where we learn about the target network. We research IP addresses and identify personnel.

Exploitation

Here we attempt to exploit any vulnerabilities identified in the discovery phase.

Post-Exploitation

As with a real attacker, here we would attempt to further exploit, escalate privileges or further assess.

Clean up & Reporting

Cleanup and reporting ensures that we compile all our data and remove any trace of the test from your systems.

Remediation & Retest

If needed, remediation should now take place followed by a retest, if any significant changes have been made.

Want to learn more about a penetration test? Book a discovery call now

Book a Discovery Call

Why SubRosa Cyber Solutions?

SubRosa’s assessment and exploitation team derive their skillsets from an extensive tenure in cyber network operations, recruited from the U.S. military and various governmental branches.

This unique skillset separates SubRosa’s penetration testing from its peers. SubRosa provides penetration testing across all domains, including network, application, mobile, physical and personnel (social engineering).

Want to Test Your Detection and Response Capabilities?

Then a Penetration Test might not be the appropriate service offering for your organizational security needs. As such, a Red Team Assessment might be more appropriate. Click below to learn more about SubRosa’s Red Team Assessment Services.

Red Team Assessments
Contact Sales

Explore Our Services

SOC as a Service
Third Party Assurance
Incident Response
Cybersecurity Maturity Assessments
Cybersecurity Awareness Training

Get Started with SubRosa Cyber Solutions