CASE STUDY #

Penetration Testing

Penetration Test

A large client hired NSI to test the security of their facility. NSI recommended conducting a penetration test using social engineering and ultimately leading to a red team physical penetration test. Our team successfully penetrated the facility without detection. We were also able to show how easy it was to gain access to their systems.

This was done by handing a USB memory stick to the receptionist who plugged it into their computer. We offered recommendations as to how their security should be increased and implemented new security measures.

Penetration testing is a service which analyses the security of IT network systems and security protocols by identifying and exploiting any weaknesses present in your organisation by using techniques such as social engineering, external and internal penetration testing, remote access penetration tests, red-team exercises, and cyber threat and risk assessments.

Our range of Penetration Tests:
  • External penetration testing

Using a casual or focused approach of an attacker on the Internet with limited knowledge.

  • Internal penetration testing

Testing for potential penetration from disgruntled or careless employees or contractors with authorised access to the corporate network.

  • Remote Access penetration testing

Testing for potential penetration from casual or focused attackers from both known and unknown remote access entry points.

  • Mobile application penetration testing

Assessment of mobile devices and their applications and Mobile Device Management solutions to penetration by an attacker.

  • Social engineering testing

Testing using techniques such as tailgating, pretexting, phishing and baiting and the human factor involved in it.

  • Physical penetration testing

Using real-world trespassing techniques to test the physical security of a physical structure such as an office or building.

  • Red Teaming

We will test the full physical, cyber, and information security of your organisation mimicking a determined attacker that will attempt to use any possible way to gain access to your systems, data, or physical premises, using a mixture or all of the above methods.

Contact