Penetration testing is more complicated and broad than what has been traditionally understood in the Australian market. A test can be as basic as an evaluation of software version numbers and their patch levels, or as comprehensive as leveraging skilled teams to simulate real-world attacks against all technology stacks and business processes.
To find a right strategy for you, it's important to know your security objective and requirements. You need to have a clear picture of why and what you want security assessed.
As many in the industry would agree, Penetration testing is limited to the allocated time and budget and there is no penetration testing project that can discover all possible vulnerabilities. Therefore the experience of the security tester becomes crucial for timely identification of security issues, prioritising the coverage of testing and communicating the results in an effective and clear manner.
At elttam, your penetration testing project is delivered by a reputable team of security professionals who have decades of experience delivering security assessments. We assist you to uncover the real needs and tangible objectives for your security assessment project. We then guide you through every identified security vulnerability and make sure our remediation guidance is both practical and cost-effective.
Sit with you to clearly understand your needs, business objectives and review relevant documentation and prior test results. The goal is to have a clear picture of the project, rules of engagement and limitations.
Perform active and passive reconnaissance activities to gather actionable intelligence. The goal is to determine entry points to the environment and map out the attack surface.
Based on our reconnassance we design tailored test-cases and attack vectors. This phase is both intuitive and analytical and we leverage on our extensive experience.
Manual and semi-automated tests are executed based on the test-cases. The outcome of each test-case is captured, validated and peer reviewed.
The impact of the identified security vulnerabilities is examined and measured. Security findings are assigned a risk rating considering the context of the environment.
A comprehensive report and any output from tools are delivered to you.
We walk you through each finding and make sure the recommendations are clear and practical.
Contact us to receive the full detail of our methodology.
Our team have performed thousands of Penetration Tests and Vulnerability Assessments against many platforms.
Android, iOS, Windows Mobile and off-the-shelf applications
Active Directory, Exchange Server, Sharepoint, Business Intelligence (SSRS, APS, SSAS, ...)
Oracle, SQL Server, DB2, MySQL, PostgreSQL, ElasticSearch, MongoDB, Cassandra, Sybase ASE
Infrastructure as a Service (IaaS), LAN, VPNs, 802.11 networks
Desktop clients, Firmware, and other client applications.
An exhaustive security test and exploitation against a target
A structured methodology built on proven best-practices (CAPEC, OWASP, OSSTMM)
A team with an established reputation and over a decade of experience
Tailored security services to fit any project or business
Providing services to global software companies and ASX listed enterprises
Made in Australia!