What Role does Penetration Testing Play in Preventing Unauthorised Access?
- Posted by Mike Emery
- Categories Cyber Security, Penetration Testing
- Date 22/01/2024
Ultimately, all breaches result from unauthorised access. Whether that stems from sensitive information being unintentionally publicly available, from ransomware, from someone snooping on your Wi-Fi, or from credential stuffing, the goal is to make sure that the only people with access to your systems and data are the ones you’ve allowed.
There is a veritable word soup of solutions which aim to help with this goal: NAC, IDS/IPS, MFA, IAM, EDR to name but a few. One thing that isn’t an acronym that can help is penetration testing. When looking to enhance security, expert insight can sometimes be overlooked in favour of technology. However, it’s important to remember that without insight, who knows whether the technology is required?
Taking each of the examples given above, let’s see how providers of penetration testing services and their pen testers can help identify and prevent exploitation of vulnerabilities which result in unauthorised access.
In the case of sensitive information being publicly available, external infrastructure and web application testing would identify files and data which shouldn’t be present on the Internet.
When we’re talking about ransomware, a key factor affecting the impact is network segmentation. If the ransomware worms (infects other hosts automatically on the network), it stands to reason that the fewer systems it can communicate with, the fewer it can infect. Internal infrastructure testing is commonly used to identify the attack surface area (what an attacker would see) on a network, and any vulnerabilities which could be exploited in order to infect other systems automatically.
Wireless networks are super convenient. Unfortunately, they’re also convenient for attackers. Rather than having to tap into a physical cable, they can just pull the communications out of the air (called sniffing). Wireless networks use encryption to prevent this; however, configuration can be a minefield, and one misstep can render your communications available to interested parties. An (originally named) wireless network test will identify any misconfigurations, and as a bonus also make sure that any visitors connected to your guest Wi-Fi can’t get access to anything they shouldn’t.
Credential stuffing is an interesting case, as it depends on someone else being compromised first. An attacker will take known username and password combinations (credentials) and attempt to use (stuff) them elsewhere just in case someone has used the same password in multiple places. In this case a password audit will identify passwords which are either easily guessed (called cracking) or are already considered compromised due to being available online.
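The compromised-password and reuse checks a password audit performs can be sketched as follows. This is an added example, not URM's tooling or code from the original post; the account names, passwords and breach counts are constructed, and the 5-character SHA-1 prefix index is an assumed layout modelled on k-anonymity range lookups.

```python
import hashlib
from collections import defaultdict

# Constructed breach corpus: plaintexts and counts are invented for illustration.
# A real audit would load published password hashes, never plaintext lists.
BREACHED_SAMPLE = {"password": 9_000_000, "Summer2023!": 12_000, "qwerty123": 400_000}

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_index(breached):
    """Index hashes as prefix -> {suffix: count}, so a lookup needs only the prefix bucket."""
    index = defaultdict(dict)
    for password, count in breached.items():
        digest = sha1_hex(password)
        index[digest[:5]][digest[5:]] = count
    return index

def breach_count(password, index):
    """How often the password appears in the corpus (0 = not known to be compromised)."""
    digest = sha1_hex(password)
    return index.get(digest[:5], {}).get(digest[5:], 0)

def audit(credentials, index):
    """credentials: {account: password} seen at password-change time (hypothetical input).
    Returns {account: [issues]} for compromised or shared passwords."""
    accounts_by_digest = defaultdict(list)
    for account, password in credentials.items():
        accounts_by_digest[sha1_hex(password)].append(account)
    findings = {}
    for account, password in credentials.items():
        issues = []
        seen = breach_count(password, index)
        if seen:
            issues.append(f"seen in breach corpus ({seen} times)")
        shared = [a for a in accounts_by_digest[sha1_hex(password)] if a != account]
        if shared:
            # Reuse is what lets one stolen credential open several accounts.
            issues.append("same password as " + ", ".join(sorted(shared)))
        if issues:
            findings[account] = issues
    return findings

INDEX = build_range_index(BREACHED_SAMPLE)
# Constructed accounts; "svc-backup" reuses alice's breached password.
SAMPLE_ACCOUNTS = {"alice": "Summer2023!", "bob": "correct horse battery staple",
                   "svc-backup": "Summer2023!"}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE_ACCOUNTS, INDEX).items():
        print(account, "->", "; ".join(issues))
```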
Of course, the scenarios outlined above are just a few of the cases in which unauthorised access occurs. Regardless of your concern, URM can scope a penetration test to provide technical assurance, and help your organisation level up its security.
Why URM for penetration testing?
CREST Accredited.
You can be reassured that URM is a CREST-accredited organisation for Penetration Testing, and one of the first organisations to be accredited to the CREST OVS Programme, which demonstrates advanced capabilities in web and mobile application penetration testing.
Continuous Feedback.
URM’s team of testers provides support through the scoping phase, regular updates during the testing, a debrief meeting and comprehensive report at the end of the assessment.
30 Day Retest.
You will receive a free retest of any high or critical vulnerabilities identified during an assessment in the first 30 days after the report has been produced.
Holistic Approach.
To augment its cyber testing services, URM provides an extensive range of GRC services including penetration testing, network penetration testing, development of policy, process and training solutions to address your security weaknesses.
Tailored to Your Needs.
Whether you need all-encompassing testing of your systems or a time-limited assessment within a defined timeline or budget, URM can assist by providing an assessment tailored to your organisation’s needs.