Penetration testing is a core component of a mature approach to security management within an organisation. It is used to check alignment with documented policy, identify security weaknesses and provide recommendations on how to remediate them.

Our Approach

A founding member of the NCSC CHECK Scheme, the CGI penetration testing team have one of the longest established histories in the UK of testing government systems. Our approach to IT Health Checks provides a thorough, objective, independent service whilst allowing the flexibility necessary to test a wide range of IT systems. Our primary objectives for all security testing that we carry out are:

  • To evaluate whether or not specific weaknesses in security leave the organisation open to attack.
  • To provide clear recommendations for vulnerability mitigation that are simple to implement and tailored to the required functionality of the system under test.
  • To help increase our client’s confidence in the security of their systems.

 

Methodologies and Capabilities

Our team hold qualifications from CREST, Tiger and Offensive Security. We offer a broad range of testing methods, which are normally combined to provide the balance of assessments needed for an individual client. Below are some of the testing methods that we regularly employ. These are identified and applied based on our initial evaluation and proposal.

  • Internal/External Infrastructure Assessments
  • Vulnerability Assessments
  • Build Reviews
  • Network Devices / Firewall Reviews
  • Wireless Testing
  • Web Application / Services Testing
  • Mobile Application Testing
  • Red Team Exercises
  • Cloud Assessment
  • Industrial Control System Testing
  • Active Directory Review
  • Configuration Reviews
  • Phishing Exercises
  • Network Segregation Testing
  • Firewall Exposure Testing