Pentests 

Here at Rainbow we provide extensive internal and external penetration testing services that give you an in-depth view of your business from a cyber security perspective and allow you to ascertain all of the weaknesses in your business. This is very beneficial, as having this knowledge gives you the power to truly protect your business. The services we provide are all listed below and can be combined or bought individually.

  • Internal Vulnerability Assessment – this is an automated scan of the internal network, with a report generated as the output.
  • Internal Penetration Testing – this is a full vulnerability scan, which is then assessed manually by an experienced tester. The testers are all trained to the highest levels, specifically for compliance testing for our largest (Fortune 100 and blue-chip) clients. This also means that they will assess the context of the client’s network infrastructure and look for vulnerabilities that can be chained in order to facilitate exploitation.
  • Client Build Review – testers will assess the gold client builds, disk encryption, USB booting, AV effectiveness, content filtering, and other issues that could lead to potential data extraction or exfiltration by an internally positioned, privileged attacker.
  • Server Build Review – we will review the gold build for the servers and provide a good baseline from which to review the overall internal penetration test findings.
  • Firewall Review – we will review the inbound and outbound firewall rules from the perspective of a high-level requirement for security. We will assess the configuration of known services on different brands/models of firewalls and contextualise the results so that an accurate picture can be formed of the perimeter security of the system.
  • External Infrastructure Assessment – we will automatically scan, and then manually assess, the externally facing estate, and review any open ports and services for their configuration from a security standpoint.
  • External/Internal Web Application Assessment – we will assess the application against the following criteria as a priority (the OWASP Top 10):
  1. A1 Injection
  2. A2 Broken Authentication and Session Management
  3. A3 Cross-Site Scripting (XSS)
  4. A4 Insecure Direct Object References
  5. A5 Security Misconfiguration
  6. A6 Sensitive Data Exposure
  7. A7 Missing Function Level Access Control
  8. A8 Cross-Site Request Forgery (CSRF)
  9. A9 Using Components with Known Vulnerabilities
  10. A10 Unvalidated Redirects and Forwards

After this, we will see how the application can be attacked, and evidence all of our findings with bespoke proof-of-concept code.

  • Wireless Assessment – we will assess the setup of the WiFi networks and see if there are any exploitable vulnerabilities that would give access to the internal network.
  • Segmentation Testing – this can be included in any of the internal/wireless assessments, and network segmentation can be fully assessed against data exfiltration.
  • Wireless Mapping Exercises – this is where we take accurate measurements of the WiFi signal permeation into the surrounding environment around the main site to be assessed. We then plot this on a Google map and provide accurate reporting to demonstrate where the vulnerabilities are and what the best remediations are.
  • Social Engineering – we will assess the human element of the physical building security. The aim is to obtain certain trophies, or perform certain actions as prescribed by the client, from placing implants on the network, to recovering potentially sensitive data, or getting into secure environments.
  • Physical Access – we can assess the physical build of a building, including lock integrity, building assessments, and cabinet/device security.
  • Phishing Assessments – we will assess the effectiveness of phishing attacks against the prescribed email estate. We will assess how many users click on a malicious link, and how many will actually enter their username, password, and other details.
  • Mobile Assessments – MDM – this will assess the effectiveness of the mobile device management, much like the internal penetration tests.
  • Mobile Assessments – Mobile Apps – we will give the mobile app a full security assessment, in the same vein as a web application. We will look for easy wins, information disclosure, web-based vulnerabilities, and any security bugs in the app itself.

Rainbow Cyber Security

Your one stop consultancy to protect your business from all your cyber security threats

Office Address

Rainbow Cyber Security

Riverbank House, Eastleigh

SO50 6BF


Company Registration Number 1102373

© 2019 Rainbow Security, All Rights Reserved