What is penetration testing?
There is no formal definition of the term “penetration test”, however the goal is generally to see how resilient a particular system would be under the conditions of a cyber-attack. Beyond that, penetration testing projects differ wildly depending on the organisation being assessed, the objectives, budget, scope and indeed the company or person delivering the work.
Our Penetration Testing Approach
The Mothax approach is not to have a standard methodology that fits all. Instead I involve customers as much as possible in the planning and even the execution of the test. Guidance and support will always be provided with the aim of extracting the best possible value for money during the exercise. So if you have specific objectives in mind, then let’s work them into the proposal of work so you can measure me on them later. If you’re not sure what you need, then count on my years of experience as both a provider and buyer of tests to deliver something of genuine value. Within a flexible overall approach, Mothax penetration tests may consist of a number of familiar components;
- Threat modelling
- Intelligence gathering
- Vulnerability assessment
- Network topology review
- Attack simulation (Red Team)
- Web application testing
- Wireless network assessment
- Mobile application testing (Android and iOS)
- Security product or service assessment
- Technical audit (configuration assessment)
- Password cracking and reporting
Getting the right blend of assessment techniques is an often overlooked but essential part of a successful penetration test. This is an area I take great care over and pride in.
A key aim of mine is not to simply follow the herd and deliver tests that emulate what the rest of the industry are doing. I prefer to take the best of what is generously shared in the security community and shape that into something unique. I also like to dispel myths surrounding hacking and impart as much as knowledge as I can on every engagement.
Some of the key differentiators when working with Mothax are:
- One point of contact from start to finish
- Really competitive and flexible pricing up to half that of some providers
- Focus on resolving systemic issues over cataloguing missing patches
- Completely open working method – sit in and learn hacking tools and techniques!
- Willingness and experience to support mitigation tasks
- Fully documented reports allowing you to retest your own issues
- Simply and fair contractual terms and conditions
- Penetration Tests are underpinned by Tigerscheme certification