Infrastructure Testing

Red-Team will scan your network for vulnerabilities to ensure you are aware of any weaknesses or open ports that exist. We provide you with a full picture of your systems' security status on a regular basis from the view point of an external hacker on the internet.

This testing is recommended for companies who have any public facing systems connected to the internet including a secure VPN. This fully managed service needs no intervention from you. The process is simple - you provide us with the IP addresses of the hosts to be scanned and choose the frequency of your scan (daily, weekly, monthly, quarterly or annually). We will run the tests and provide a full 'easy to understand' test results matrix that will include any issues found and the recommended remedial action.

• Network discovery - UDP/TCP Port Scanning
• Service Identification - Banner Grabbing
• User Enumeration - dependent on what services are offered
• Internet profiling - vulnerability testing of all Internet devices
• Web scanners -HTTP vulnerability scanners
• Network device test - servers, firewalls, routers

Web Application Testing

The Red-Team ethical hackers utilize a combination of automated and manual tests using the latest tools and techniques to ensure excellent coverage. Our aim is to identify all potential vulnerabilities during assessments; this includes the top ten threats identified by the Open Web Application Security Project (OWASP):

• Cross site scripting (XSS)
• Injection flaws
• Malicious file execution
• Insecure direct object reference
• Cross site request forgery (CSRF)
• Information leakage and improper error handling
• Broken authentication and session management
• Insecure cryptographic storage
• Insecure communications
• Failure to restrict URL access

All issues found during a web application assessment are documented in a comprehensive, easy to understand security test report. Each documented issue includes business risk and technical impact, examples of attack vector, screen shots and remedial action required. We also provide a free post test support service to ensure all issues are clearly understood and answer any questions that may arise

Compliance Testing

If your organisation stores, processes or transmits credit or debit card payments then you will need to comply with the Payment Card Industry (PCI) Data Security Standards (DSS). These new regulations issued by the major credit card companies such as Visa and MasterCard will need to be adhered to if you want to continue taking credit and debit card payments.

Red-Team can help with all aspects of PCI DSS, including penetration testing, vulnerability assessment and compliance auditing services (Requirement 6).

The PCI Data Security Standard consists of twelve basic requirements and corresponding sub-requirements and you will need to make sure that your IT systems, applications and databases are PCI compliant to protect card holder information.