What is a Penetration Test?
A Penetration Test (also known as Ethical Hacking) is an authorised hacking attempt targeting an organisation’s IT infrastructure, applications and staff, with the aim of gaining access into its virtual assets. The purpose of this test is to harden security defences by eliminating vulnerabilities and advising on areas that are susceptible for compromise.
The testing process is layered, and performed in four stages:
- Gathering Information about targets (reconnaissance)
- Identifying and prioritising vulnerabilities
- Exploiting identified vulnerabilities to determine risk level
- Providing executive level reporting and actionable remediation strategies
Scope of the Service
Applications
Shearwater’s Application Testing covers Mobile Applications, Web Applications, and Web Services.
Networks
Shearwater’s Network Testing examines the security stance and procedures around network assets.
Phishing
Through this type of testing, Shearwater can evaluate end users’ susceptibility to conduct attacker requested actions.
PCI DSS
Shearwater designed this service to take the complexity out of Vulnerability Assessment and Penetration Testing requirements for PCI.
Benefits to Executive Management
- Independently verify your organisation’s security posture and processes
- Reduce risk and incorporate Information Security into your organisation’s overall risk management policy
- Avoid the high cost, legal ramifications, and damage to reputation that can result from information loss
- Leverage good security practices as a competitive advantage
- Ensure compliance with PCI DSS and other security standards
- Incorporate business objectives into your overall security program. Security management is fast becoming the domain of executive management, not just the internal IT team.
Benefits to Internal Security Team
- Proactively harden your organisation’s IT Systems against malicious attacks
- Leverage Shearwater’s expertise which spans across government and private enterprise
- Access our comprehensive security report packed with prioritised actionable recommendations
- Validate security measures and processes against industry best practices
- Reduce time and costs associated with managing false positives produced by automated scans
- Gain independent verification of systems and configurations before they go live on your network
- Provide management with a proof of exploit, which outlines the assets that an attack can compromise
- Facilitate management’s approval of security expenditure and demonstrate ROI of existing security tools
“For us to be able to go to our clients and have a relationship in place with a company like Shearwater who lives and breathes security is immediately reassuring and goes a long way to giving them comfort. That definitely paid dividends for us from a brand, value proposition, and business development perspective.”
Shearwater: The Gold Standard in Penetration Testing
Here is how we raise the bar:
Comprehensive Reporting
Shearwater offers in-depth executive level reporting which serves as a risk minimisation tool for management, and a technical document – listing vulnerabilities prioritised according to risk level – for the internal security team. The report also provides access to mitigation strategies based on Shearwater’s key insights into the cyber-threat landscape.
Post Engagement Follow Up
Our post engagement follow-up is an additional benefit that allows clients to engage us with questions, or seek guidance on issues referred to in our report.
Testing Standards
The Open Web Application Security Project (OWASP)
The National Institute of Standards and Technology (NIST)
Source Security Testing Methodology Manual (OSSTMM)
Penetration Testing and Execution Standard (PTES)
Penetration Testing Framework
Australian Government Security Policies and Guidelines
Customer Centricity
We listen to our clients to understand their goals. Our team also alerts security staff – in real time – to critical vulnerabilities and threats discovered.
Our Certifications
