Security Testing Services | Cyber Security Services

Detect.

Security Testing

Identify vulnerabilities within your environment with CyberLab’s security testing services.

Vulnerabilities within your environment provide an easy point of entry for attackers. By proactively identifying weak points in your defences, you are able to prioritise key security issues and defend against emerging threats more effectively.

Our team of CREST, CHECK, and Cyber Scheme certified experts are here to identify vulnerabilities across your network, processes, devices, and applications before threat actors, so you can act to reenforce your defences.

Test Your Defences to Identify and Mitigate Vulnerabilities

Our testing services can be adapted to any system, network, or application and defend against a wide range of threats and potentials vulnerabilities.

¹2023 Data Breach Investigations Report (verizon.com)

Penetration Testing

Internal Infrastructure Penetration Testing

Penetration testing to identify and exploit vulnerabilities through your internal network.

External Infrastructure Penetration Testing

Replicating a real-life attack to identify network vulnerabilities, including issues with network services and hosts, devices, web, mail, and FTP servers.

IT Health Check

CHECK approved Government IT Health Check (ITHC) is a penetration test audited by the NCSC (National Cyber Security Centre).

Vulnerability Assessments

Automated internal and external network and device vulnerability assessments.

Website & Application Security Testing

Penetration testing services for any application type, language, or environment, following the OWASP methodology for application vulnerabilities and weaknesses.

Red Teaming

An advanced type of penetration testing that simulates a real-world attack to access sensitive data or systems.

Social Engineering

Often the easiest way to breach a company or network is not by hacking a website, it is by tricking employees to gain access to systems or a building.

Build Reviews

We will manually review your systems, apps, or databases against industry benchmarks to identify vulnerabilities.

Targeted Attack & Scenario Simulations

Red Teaming

An advanced type of penetration testing that simulates a real-world attack to access sensitive data or systems.

Phishing Simulation

Test your staff’s awareness to electronic phishing email campaigns in a safe and constructive manner, teaching them what to look out for.

Social Engineering

Often the easiest way to breach a company or network is not by hacking a website, it is by tricking employees to gain access to systems or a building.

Compliance Testing

PCI DSS Testing

Requirement 11.3 of the PCI DSS standard requires penetration testing to be conducted on both external and internal systems.

ISO 27001 Testing

The ISO 27001:2013 standards control A.12.6.1 of Annex A requires that penetration testing or vulnerability assessments be conducted.

PSN IT Health Check

The Public Sector Networks Code of Connection (PSN CoCo) requires annual IT Health Checks to be conducted and submitted for compliance.

Network Security Testing

Network Security Reviews

A manual review of the running configuration of the device itself to identify any security configuration issues.

Wireless Security Testing

Security testing and configuration reviews of wireless networks, access points, controllers, and devices against industry best security practices.

VLAN Hopping

Test the separation between less sensitive networks, such as the internal corporate network and more sensitive networks such as cardholder data environments.

Traffic Sniffing

Capture traffic and analyse the captured information to ensure that the encryption of data in transit is working as it should be.

Specialist Testing

VoIP Security Testing

Identify whether your video conference units or telephones can be used to connect to and compromise the internal corporate network.

IoT Security Testing

Ensure your IoT devices, or the software used to control the hardware, is not vulnerable to security weaknesses that could be exploited to obtain data.

Lost Device Testing

Security testing against lost devices, includes an encryption review, a physical review, and a device review.

Download Whitepaper

12 Common Vulnerabilities Found During Penetration Testing

Read 12 Common Vulnerabilities Found During Penetration Testing to:

Help you make a business case for penetration testing
Learn more about the sorts of vulnerabilities that you might unknowingly be allowing on your network
Prepare your team for the sorts of results your penetration tester might uncover

Penetration Testing: The Cyberlab Approach

The way we structure our Red Team engagements aligns closely with the steps taken by bad actors to target and compromise your systems. We replicate the approach of real-world adversaries to simulate and evaluate how your systems and processes respond to a cyber attack.

1. Planning and Scoping

A CREST, CHECK and Cyber Scheme certified consultant will work with you to define the scope of the engagement and ensure that our tests will fulfil your requirements.

2. Research, Reconnaissance and Enumeration

Your assigned consultant will gather information on your organisation, including:

IP addresses of websites and MX records
Details of e-mail addresses
Social networks
People search
Job search websites

This information will assist in identifying and exploiting any vulnerabilities or weaknesses.

3. Threat Analysis

Within the Threat Analysis stage we will identify a range of potential vulnerabilities within your target systems, which will typically involve a specialist engineer examining:

Attack avenues, vectors, and threat agents
Results from Research, Reconnaissance and Enumeration
Technical system/network/application vulnerabilities

We will leverage automated tools and manual testing techniques at this stage.

4. Exploitation

Once we have identified vulnerabilities, we will attempt to exploit them in order to gain entry to the targeted system.

There are three phases to this stage:

Exploit – use vulnerabilities to gain access to a system, e.g. inject commands into an application that provide control over the target.

Escalate – attempt to use the exploited control over the target to increase access or escalate privileges to obtain further rights to the system, such as admin privileges.

Advance – attempt to move from the target system across the infrastructure to find other vulnerable systems (lateral movement) potentially using escalated privileges from target systems and attempting to gain further escalated privileges and access to the network.

5. Reporting

Your Cyberlab Penetration Test Report will detail any identified threats or vulnerabilities, as well as our recommended remedial actions. Threats and vulnerabilities will be ranked in order of importance.

The report will also contain an executive summary and attack narrative which will explain the technical risks in business terms. Where required, we can arrange for your Cyberlab engineer to present the report to the key stakeholders within your organisation.

You can download an example Penetration Test report here.

6. Redmediation

The report will provide information on remedial actions required to reduce the threats and vulnerabilities that have been identified.

At this stage, we can provide you with the additional consultancy, products, and services to further improve your security posture.

Bespoke Testing Services

Cyberlab specialises in creating bespoke testing plans for organisations of all sizes, across any industry.

Our team of expert penetration testers will listen to your security concerns, build a picture of your IT ecosystem, and consider your future plans to create a testing plan around your organisational requirements to regularly assess the defences around your key systems, applications, and infrastructure.

CREST, CHECK & Cyber Scheme Certified

CREST (the Council of Registered Ethical Security Testers) is an international accreditation with a strict Codes of Conduct and Ethics. CHECK is the Government-backed accreditation from the National Cyber Security Centre (NCSC) which certifies that a company can conduct authorised penetration tests of public sector systems and networks.

All our penetration testers are certified by CREST, with senior consultants certified by CREST to the highest CCT Level. Our testers are also either CHECK Team Leaders (CTL’s) or Team Members (CTM’s).

Our team have decades of combined experience and take pride in operating at the highest level of the industry – conducting a broad range of government and commercial tests – and always aim to go the extra mile.

Speak With an Expert

Enter your details and one of our specialists will be in touch.

Whether you’re looking to implement basic cyber security best practice, improve your existing defences, or introduce a new system or solution, our team of expert consultants, engineers, and ethical hackers are here to help.

Our team specialise in creating bespoke security solutions and testing packages to improve and maintain your security posture.

We are 100% vendor agnostic and will only ever recommend the best products and solutions for your requirements.