Secure Ideas is well known for its web application penetration testing. Our staff assesses and tests an organization's web applications to evaluate the risks these applications pose to their Internet facing and internal web sites, and more importantly, to the sensitive information these applications manage. A comprehensive penetration test goes beyond running an automated scanning tool or identifying "potential" vulnerabilities. Secure Ideas recognizes this and is why we use an industry methodology that utilizes manual testing methods along with testing tools to determine the impact vulnerabilities have if exploited. Discovering and exploiting vulnerabilities is beneficial, however, Secure Ideas provides additional value in evaluating the web application within the context of the business, providing a complete understanding of the risk and potential threats to the organization.
Network penetration tests allow an organization to evaluate the effectiveness of their controls in protecting their internal and external (Internet facing) network infrastructure from attacks. An organization's network infrastructure will typically grow in size as well as in complexity, as new features, services, and business requirements are implemented. As a network grows in size and complexity, the opportunity for vulnerabilities also increases, resulting in an increasing attack surface that attackers can leverage to get a foothold into an organization's network environment. Secure Ideas has many years of experience with assessing networks, as well as building open-source tools that aid and assist in performing penetration tests. As with web application penetration testing, Secure Ideas uses an industry proven testing methodology that consists of both manual and automated techniques. Beyond performing a simple network scan, a network penetration test validates vulnerabilities through exploitation, and more importantly, identifies the real impacts to the organization if exploitation occurs. Aligning these results with the understanding of the business functions that the network services provide results in a more comprehensive understanding of the risks and threats the vulnerabilities expose the organization to.
Wireless networks have provided organizations with the flexibility in scaling their network without the increased expense of implementing a larger cabling infrastructure, as well as providing the ability to reach areas of their physical environment that were difficult or expensive to do with a wired connectivity. Wireless networks have also provided a means of mobilizing their workforce, and providing Internet access services to visitors without putting their internal network at risk. Unfortunately, many wireless networks are not architected or configured properly and result in exposing an organization's internal network more than ever before. Secure Ideas has years of experience with assessing wireless networks, identifying miss-configured wireless routers, "rogue" access points, and weak encryption or authentication mechanisms. Wireless networks potentially provide attackers with the ability to remotely access internal networks, without the risk of physical presence within a facility, thus it is critical that organizations understand the vulnerabilities of their wireless infrastructure, the impact to the organization if the vulnerabilities are exploited, and what measures or controls can be implemented, or properly configured, to minimize the risks.
Many penetration tests focus only on the "digital world", however, the digital environment for many organizations is located in a physical data centre. The controls that control physical access to these systems are just as critical as the technical controls. Secure Ideas provides physical penetration testing that focuses on the physical controls that attackers attempt to exploit in order to gain access to an organization's internal network, servers, or workstations. This type of testing assesses physical access control systems, locking mechanisms, infiltration methods, and aided entrance techniques using social engineering. If an attacker is able to obtain physical access to an internal network or system, the ability to bypass most, if not all technical controls, is assured.