Combined Infrastructure and Web Application Penetration Test

This penetration test helps to identify potential vulnerabilities in your infrastructure, websites and web applications. This unique, fixed-price penetration test, conducted by our CREST-accredited team, includes recommendations to improve your network security, enabling you to comply with client requests and facilitate compliance with ISO 27001.

Penetration testing and ISO 27001

Control Objective A12.6 in ISO27001:2013 specifies that information about technical vulnerabilities be obtained in a timely fashion, the organisation's exposure to such vulnerabilities be evaluated and appropriate measures be taken to address the risks.

If you are implementing ISO 27001, a penetration test is crucial during these ISMS implementation stages:

  • As part of the risk assessment process: uncovering vulnerabilities in any Internet-facing IP addresses, web applications, or internal devices and applications, and linking them to identifiable threats.
  • As part of the performance evaluation, ensuring that controls actually work as designed.
  • As part of the ongoing continual improvement processes, ensuring that controls continue to work as required.
  • Whenever significant changes are made to your network infrastructure.

Benefit from a series of advanced manual tests, combined with a number of automated vulnerability scans, using multiple tools and techniques.

This test is available on either an internal or an external basis.

What exactly can you expect from this penetration test service?

  • A detailed consultation session to identify the depth and breadth of the tests required (on either an internal network or external network, depending on your needs).
  • Careful scoping of the test environment to establish the exact extent of the testing exercise.
  • A range of manual tests conducted by our team of highly skilled penetration testers, using a methodology closely aligned with Open Source Security Testing Methodology (OSSTM).
  • A series of automated vulnerability scans.
  • Immediate notification about any critical vulnerabilities identified to help you take action quickly.
  • A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
  • A list of recommended countermeasures to address any identified vulnerabilities.
  • An executive summary that explains what the risks mean in business terms – perfect for your management team.

IT Governance’s penetration testing service will help you:

  • identify your potential vulnerabilities;
  • meet ISO27001 certification and PCI DSS compliance requirements;
  • be notified immediately of critical vulnerabilities and actions to address them;
  • understand how these vulnerabilities appear to attackers and hackers;
  • take action to fix your vulnerabilities fast;
  • review, assess and improve your infrastructure’s security posture;
  • provide peace of mind to your executive team, stakeholders and clients;
  • reduce the likelihood of an attack.

The standard price includes:

  • An infrastructure (either internal or external) with up to 20 externally-facing IP addresses.
  • A single web application and database with any combination of up to 100 static web pages or dynamic web pages using no more than five templates (e-commerce sites will be quoted separately).

Maintain your cyber security – year in and year out!

Additional options:

  • Internal penetration tests will require on-site work, and the cost of transportation, accommodation and other related expenses will be quoted and billed separately.
  • On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.

As a CREST member company, IT Governance has been verified as meeting the rigorous standards mandated by CREST. Clients can rest assured that the work will be carried out to rigorous standards by qualified and knowledgeable individuals.

We highly recommend an on-site report presentation meeting designed to present and discuss the penetration test results and recommendations.

15 reasons to choose IT Governance as your penetration testing provider
  1. We uniquely offer a combination of fixed-price and bespoke penetration testing solutions, enabling you to choose the right option easily.
  2. Our clients benefit from the vast knowledge and deep experience of our penetration testing team.
  3. We are a CREST member company, which means that clients can rest assured that the work meets rigorous standards delivered by a qualified and knowledgeable team.
  4. Our clients participate in a detailed consultation session prior to any testing to identify the depth and breadth of the tests required.
  5. Our penetration tests combine a number of automated vulnerability scans with a range of advanced manual tests by expert in-house penetration testers.
  6. We apply multiple tools and techniques closely aligned with the Open Source Security Testing Methodology (OSSTM) and OWASP in our penetration tests.
  7. The technical advice and solutions we provide are vendor-neutral, meaning we work with our clients’ available resources wherever possible.
  8. We provide comprehensive information security advice derived from our extensive expertise with ISO 27001 and PCI DSS implementations (we are a PCI QSA company).
  9. We can assist our clients with the development of appropriate policies and procedures, training of staff, business case development, or the implementation of an information security management system (ISMS).
  10. Clients receive immediate notification about any critical vulnerabilities identified to help them take action quickly.
  11. When a remedial activity has been completed, we recommend that the original testing is repeated to ensure that the system is now fully secure.
  12. We provide a comprehensive technical report identifying potential vulnerabilities and recommended remedial activities for each vulnerability identified.
  13. An executive summary explains the identified potential vulnerabilities to present the risks and issues in clear, non-technical terms.
  14. All of our solutions are designed to offer smaller organisations a cost-effective method of testing their network's security.
  15. We can offer repeat penetration testing packages, or combined penetration testing and PCI DSS compliance packages at a significant discount.


Are you interested in a Level 2 Infrastructure Penetration Test Instead?

Regular penetration testing is essential to identifying and mitigating the latest cyber threats.

Contact us today on 0845 070 1750 to discuss your penetration testing requirements and start your journey to a more secure future.

 

Conditions

  • The price is applicable for 20 externally facing IP addresses, and a single web application and database with up to 100 static web pages or dynamic web pages using no more than five templates, or a combination of the two.
  • Internal infrastructure tests will require on-site work, and the cost of transportation, accommodation and other related expenses will be quoted and billed separately.
  • Testing will be conducted with a single level of authentication provided that the pages are accessible without authentication.
  • Testing will not include file upload testing.
  • This test is available as either an internal or an external test.
  • Consultant expenses related to travelling, etc. are not included in the price.
  • If you require a more advanced level 2 test, which exploits potential vulnerabilities to establish the impact of an attack, contact us at servicecentre@itgovernance.co.uk for a custom quote.
  • On-site presentation of report findings and remedial consultations can be provided upon request at an additional cost.
  • Discounts for multiple tests only apply when a two- or three-year contract is agreed at the purchase of the first test; discounts cannot be backdated. Each penetration test will be invoiced annually (in the year of the test). An invoice will be issued 28 days before the planned test.

 
